1 /* 2 * QEMU VNC display driver 3 * 4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws> 5 * Copyright (C) 2006 Fabrice Bellard 6 * Copyright (C) 2009 Red Hat, Inc 7 * 8 * Permission is hereby granted, free of charge, to any person obtaining a copy 9 * of this software and associated documentation files (the "Software"), to deal 10 * in the Software without restriction, including without limitation the rights 11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 12 * copies of the Software, and to permit persons to whom the Software is 13 * furnished to do so, subject to the following conditions: 14 * 15 * The above copyright notice and this permission notice shall be included in 16 * all copies or substantial portions of the Software. 17 * 18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 24 * THE SOFTWARE. 25 */ 26 27 #include "vnc.h" 28 #include "vnc-jobs.h" 29 #include "sysemu/sysemu.h" 30 #include "qemu/sockets.h" 31 #include "qemu/timer.h" 32 #include "qemu/acl.h" 33 #include "qapi/qmp/types.h" 34 #include "qmp-commands.h" 35 #include "qemu/osdep.h" 36 37 #define VNC_REFRESH_INTERVAL_BASE GUI_REFRESH_INTERVAL_DEFAULT 38 #define VNC_REFRESH_INTERVAL_INC 50 39 #define VNC_REFRESH_INTERVAL_MAX GUI_REFRESH_INTERVAL_IDLE 40 static const struct timeval VNC_REFRESH_STATS = { 0, 500000 }; 41 static const struct timeval VNC_REFRESH_LOSSY = { 2, 0 }; 42 43 #include "vnc_keysym.h" 44 #include "d3des.h" 45 46 static VncDisplay *vnc_display; /* needed for info vnc */ 47 48 static int vnc_cursor_define(VncState *vs); 49 static void vnc_release_modifiers(VncState *vs); 50 51 static void vnc_set_share_mode(VncState *vs, VncShareMode mode) 52 { 53 #ifdef _VNC_DEBUG 54 static const char *mn[] = { 55 [0] = "undefined", 56 [VNC_SHARE_MODE_CONNECTING] = "connecting", 57 [VNC_SHARE_MODE_SHARED] = "shared", 58 [VNC_SHARE_MODE_EXCLUSIVE] = "exclusive", 59 [VNC_SHARE_MODE_DISCONNECTED] = "disconnected", 60 }; 61 fprintf(stderr, "%s/%d: %s -> %s\n", __func__, 62 vs->csock, mn[vs->share_mode], mn[mode]); 63 #endif 64 65 if (vs->share_mode == VNC_SHARE_MODE_EXCLUSIVE) { 66 vs->vd->num_exclusive--; 67 } 68 vs->share_mode = mode; 69 if (vs->share_mode == VNC_SHARE_MODE_EXCLUSIVE) { 70 vs->vd->num_exclusive++; 71 } 72 } 73 74 static char *addr_to_string(const char *format, 75 struct sockaddr_storage *sa, 76 socklen_t salen) { 77 char *addr; 78 char host[NI_MAXHOST]; 79 char serv[NI_MAXSERV]; 80 int err; 81 size_t addrlen; 82 83 if ((err = getnameinfo((struct sockaddr *)sa, salen, 84 host, sizeof(host), 85 serv, sizeof(serv), 86 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) { 87 VNC_DEBUG("Cannot resolve address %d: %s\n", 88 err, gai_strerror(err)); 89 return NULL; 90 } 91 92 /* Enough for the existing format + the 2 vars we're 93 * substituting in. */ 94 addrlen = strlen(format) + strlen(host) + strlen(serv); 95 addr = g_malloc(addrlen + 1); 96 snprintf(addr, addrlen, format, host, serv); 97 addr[addrlen] = '\0'; 98 99 return addr; 100 } 101 102 103 char *vnc_socket_local_addr(const char *format, int fd) { 104 struct sockaddr_storage sa; 105 socklen_t salen; 106 107 salen = sizeof(sa); 108 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0) 109 return NULL; 110 111 return addr_to_string(format, &sa, salen); 112 } 113 114 char *vnc_socket_remote_addr(const char *format, int fd) { 115 struct sockaddr_storage sa; 116 socklen_t salen; 117 118 salen = sizeof(sa); 119 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0) 120 return NULL; 121 122 return addr_to_string(format, &sa, salen); 123 } 124 125 static int put_addr_qdict(QDict *qdict, struct sockaddr_storage *sa, 126 socklen_t salen) 127 { 128 char host[NI_MAXHOST]; 129 char serv[NI_MAXSERV]; 130 int err; 131 132 if ((err = getnameinfo((struct sockaddr *)sa, salen, 133 host, sizeof(host), 134 serv, sizeof(serv), 135 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) { 136 VNC_DEBUG("Cannot resolve address %d: %s\n", 137 err, gai_strerror(err)); 138 return -1; 139 } 140 141 qdict_put(qdict, "host", qstring_from_str(host)); 142 qdict_put(qdict, "service", qstring_from_str(serv)); 143 qdict_put(qdict, "family",qstring_from_str(inet_strfamily(sa->ss_family))); 144 145 return 0; 146 } 147 148 static int vnc_server_addr_put(QDict *qdict, int fd) 149 { 150 struct sockaddr_storage sa; 151 socklen_t salen; 152 153 salen = sizeof(sa); 154 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0) { 155 return -1; 156 } 157 158 return put_addr_qdict(qdict, &sa, salen); 159 } 160 161 static int vnc_qdict_remote_addr(QDict *qdict, int fd) 162 { 163 struct sockaddr_storage sa; 164 socklen_t salen; 165 166 salen = sizeof(sa); 167 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0) { 168 return -1; 169 } 170 171 return put_addr_qdict(qdict, &sa, salen); 172 } 173 174 static const char *vnc_auth_name(VncDisplay *vd) { 175 switch (vd->auth) { 176 case VNC_AUTH_INVALID: 177 return "invalid"; 178 case VNC_AUTH_NONE: 179 return "none"; 180 case VNC_AUTH_VNC: 181 return "vnc"; 182 case VNC_AUTH_RA2: 183 return "ra2"; 184 case VNC_AUTH_RA2NE: 185 return "ra2ne"; 186 case VNC_AUTH_TIGHT: 187 return "tight"; 188 case VNC_AUTH_ULTRA: 189 return "ultra"; 190 case VNC_AUTH_TLS: 191 return "tls"; 192 case VNC_AUTH_VENCRYPT: 193 #ifdef CONFIG_VNC_TLS 194 switch (vd->subauth) { 195 case VNC_AUTH_VENCRYPT_PLAIN: 196 return "vencrypt+plain"; 197 case VNC_AUTH_VENCRYPT_TLSNONE: 198 return "vencrypt+tls+none"; 199 case VNC_AUTH_VENCRYPT_TLSVNC: 200 return "vencrypt+tls+vnc"; 201 case VNC_AUTH_VENCRYPT_TLSPLAIN: 202 return "vencrypt+tls+plain"; 203 case VNC_AUTH_VENCRYPT_X509NONE: 204 return "vencrypt+x509+none"; 205 case VNC_AUTH_VENCRYPT_X509VNC: 206 return "vencrypt+x509+vnc"; 207 case VNC_AUTH_VENCRYPT_X509PLAIN: 208 return "vencrypt+x509+plain"; 209 case VNC_AUTH_VENCRYPT_TLSSASL: 210 return "vencrypt+tls+sasl"; 211 case VNC_AUTH_VENCRYPT_X509SASL: 212 return "vencrypt+x509+sasl"; 213 default: 214 return "vencrypt"; 215 } 216 #else 217 return "vencrypt"; 218 #endif 219 case VNC_AUTH_SASL: 220 return "sasl"; 221 } 222 return "unknown"; 223 } 224 225 static int vnc_server_info_put(QDict *qdict) 226 { 227 if (vnc_server_addr_put(qdict, vnc_display->lsock) < 0) { 228 return -1; 229 } 230 231 qdict_put(qdict, "auth", qstring_from_str(vnc_auth_name(vnc_display))); 232 return 0; 233 } 234 235 static void vnc_client_cache_auth(VncState *client) 236 { 237 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL) 238 QDict *qdict; 239 #endif 240 241 if (!client->info) { 242 return; 243 } 244 245 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL) 246 qdict = qobject_to_qdict(client->info); 247 #endif 248 249 #ifdef CONFIG_VNC_TLS 250 if (client->tls.session && 251 client->tls.dname) { 252 qdict_put(qdict, "x509_dname", qstring_from_str(client->tls.dname)); 253 } 254 #endif 255 #ifdef CONFIG_VNC_SASL 256 if (client->sasl.conn && 257 client->sasl.username) { 258 qdict_put(qdict, "sasl_username", 259 qstring_from_str(client->sasl.username)); 260 } 261 #endif 262 } 263 264 static void vnc_client_cache_addr(VncState *client) 265 { 266 QDict *qdict; 267 268 qdict = qdict_new(); 269 if (vnc_qdict_remote_addr(qdict, client->csock) < 0) { 270 QDECREF(qdict); 271 /* XXX: how to report the error? */ 272 return; 273 } 274 275 client->info = QOBJECT(qdict); 276 } 277 278 static void vnc_qmp_event(VncState *vs, MonitorEvent event) 279 { 280 QDict *server; 281 QObject *data; 282 283 if (!vs->info) { 284 return; 285 } 286 287 server = qdict_new(); 288 if (vnc_server_info_put(server) < 0) { 289 QDECREF(server); 290 return; 291 } 292 293 data = qobject_from_jsonf("{ 'client': %p, 'server': %p }", 294 vs->info, QOBJECT(server)); 295 296 monitor_protocol_event(event, data); 297 298 qobject_incref(vs->info); 299 qobject_decref(data); 300 } 301 302 static VncClientInfo *qmp_query_vnc_client(const VncState *client) 303 { 304 struct sockaddr_storage sa; 305 socklen_t salen = sizeof(sa); 306 char host[NI_MAXHOST]; 307 char serv[NI_MAXSERV]; 308 VncClientInfo *info; 309 310 if (getpeername(client->csock, (struct sockaddr *)&sa, &salen) < 0) { 311 return NULL; 312 } 313 314 if (getnameinfo((struct sockaddr *)&sa, salen, 315 host, sizeof(host), 316 serv, sizeof(serv), 317 NI_NUMERICHOST | NI_NUMERICSERV) < 0) { 318 return NULL; 319 } 320 321 info = g_malloc0(sizeof(*info)); 322 info->host = g_strdup(host); 323 info->service = g_strdup(serv); 324 info->family = g_strdup(inet_strfamily(sa.ss_family)); 325 326 #ifdef CONFIG_VNC_TLS 327 if (client->tls.session && client->tls.dname) { 328 info->has_x509_dname = true; 329 info->x509_dname = g_strdup(client->tls.dname); 330 } 331 #endif 332 #ifdef CONFIG_VNC_SASL 333 if (client->sasl.conn && client->sasl.username) { 334 info->has_sasl_username = true; 335 info->sasl_username = g_strdup(client->sasl.username); 336 } 337 #endif 338 339 return info; 340 } 341 342 VncInfo *qmp_query_vnc(Error **errp) 343 { 344 VncInfo *info = g_malloc0(sizeof(*info)); 345 346 if (vnc_display == NULL || vnc_display->display == NULL) { 347 info->enabled = false; 348 } else { 349 VncClientInfoList *cur_item = NULL; 350 struct sockaddr_storage sa; 351 socklen_t salen = sizeof(sa); 352 char host[NI_MAXHOST]; 353 char serv[NI_MAXSERV]; 354 VncState *client; 355 356 info->enabled = true; 357 358 /* for compatibility with the original command */ 359 info->has_clients = true; 360 361 QTAILQ_FOREACH(client, &vnc_display->clients, next) { 362 VncClientInfoList *cinfo = g_malloc0(sizeof(*info)); 363 cinfo->value = qmp_query_vnc_client(client); 364 365 /* XXX: waiting for the qapi to support GSList */ 366 if (!cur_item) { 367 info->clients = cur_item = cinfo; 368 } else { 369 cur_item->next = cinfo; 370 cur_item = cinfo; 371 } 372 } 373 374 if (vnc_display->lsock == -1) { 375 return info; 376 } 377 378 if (getsockname(vnc_display->lsock, (struct sockaddr *)&sa, 379 &salen) == -1) { 380 error_set(errp, QERR_UNDEFINED_ERROR); 381 goto out_error; 382 } 383 384 if (getnameinfo((struct sockaddr *)&sa, salen, 385 host, sizeof(host), 386 serv, sizeof(serv), 387 NI_NUMERICHOST | NI_NUMERICSERV) < 0) { 388 error_set(errp, QERR_UNDEFINED_ERROR); 389 goto out_error; 390 } 391 392 info->has_host = true; 393 info->host = g_strdup(host); 394 395 info->has_service = true; 396 info->service = g_strdup(serv); 397 398 info->has_family = true; 399 info->family = g_strdup(inet_strfamily(sa.ss_family)); 400 401 info->has_auth = true; 402 info->auth = g_strdup(vnc_auth_name(vnc_display)); 403 } 404 405 return info; 406 407 out_error: 408 qapi_free_VncInfo(info); 409 return NULL; 410 } 411 412 /* TODO 413 1) Get the queue working for IO. 414 2) there is some weirdness when using the -S option (the screen is grey 415 and not totally invalidated 416 3) resolutions > 1024 417 */ 418 419 static int vnc_update_client(VncState *vs, int has_dirty); 420 static int vnc_update_client_sync(VncState *vs, int has_dirty); 421 static void vnc_disconnect_start(VncState *vs); 422 423 static void vnc_colordepth(VncState *vs); 424 static void framebuffer_update_request(VncState *vs, int incremental, 425 int x_position, int y_position, 426 int w, int h); 427 static void vnc_refresh(DisplayChangeListener *dcl); 428 static int vnc_refresh_server_surface(VncDisplay *vd); 429 430 static void vnc_dpy_update(DisplayChangeListener *dcl, 431 int x, int y, int w, int h) 432 { 433 int i; 434 VncDisplay *vd = container_of(dcl, VncDisplay, dcl); 435 struct VncSurface *s = &vd->guest; 436 int width = surface_width(vd->ds); 437 int height = surface_height(vd->ds); 438 439 h += y; 440 441 /* round x down to ensure the loop only spans one 16-pixel block per, 442 iteration. otherwise, if (x % 16) != 0, the last iteration may span 443 two 16-pixel blocks but we only mark the first as dirty 444 */ 445 w += (x % 16); 446 x -= (x % 16); 447 448 x = MIN(x, width); 449 y = MIN(y, height); 450 w = MIN(x + w, width) - x; 451 h = MIN(h, height); 452 453 for (; y < h; y++) 454 for (i = 0; i < w; i += 16) 455 set_bit((x + i) / 16, s->dirty[y]); 456 } 457 458 void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h, 459 int32_t encoding) 460 { 461 vnc_write_u16(vs, x); 462 vnc_write_u16(vs, y); 463 vnc_write_u16(vs, w); 464 vnc_write_u16(vs, h); 465 466 vnc_write_s32(vs, encoding); 467 } 468 469 void buffer_reserve(Buffer *buffer, size_t len) 470 { 471 if ((buffer->capacity - buffer->offset) < len) { 472 buffer->capacity += (len + 1024); 473 buffer->buffer = g_realloc(buffer->buffer, buffer->capacity); 474 if (buffer->buffer == NULL) { 475 fprintf(stderr, "vnc: out of memory\n"); 476 exit(1); 477 } 478 } 479 } 480 481 static int buffer_empty(Buffer *buffer) 482 { 483 return buffer->offset == 0; 484 } 485 486 uint8_t *buffer_end(Buffer *buffer) 487 { 488 return buffer->buffer + buffer->offset; 489 } 490 491 void buffer_reset(Buffer *buffer) 492 { 493 buffer->offset = 0; 494 } 495 496 void buffer_free(Buffer *buffer) 497 { 498 g_free(buffer->buffer); 499 buffer->offset = 0; 500 buffer->capacity = 0; 501 buffer->buffer = NULL; 502 } 503 504 void buffer_append(Buffer *buffer, const void *data, size_t len) 505 { 506 memcpy(buffer->buffer + buffer->offset, data, len); 507 buffer->offset += len; 508 } 509 510 void buffer_advance(Buffer *buf, size_t len) 511 { 512 memmove(buf->buffer, buf->buffer + len, 513 (buf->offset - len)); 514 buf->offset -= len; 515 } 516 517 static void vnc_desktop_resize(VncState *vs) 518 { 519 DisplaySurface *ds = vs->vd->ds; 520 521 if (vs->csock == -1 || !vnc_has_feature(vs, VNC_FEATURE_RESIZE)) { 522 return; 523 } 524 if (vs->client_width == surface_width(ds) && 525 vs->client_height == surface_height(ds)) { 526 return; 527 } 528 vs->client_width = surface_width(ds); 529 vs->client_height = surface_height(ds); 530 vnc_lock_output(vs); 531 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 532 vnc_write_u8(vs, 0); 533 vnc_write_u16(vs, 1); /* number of rects */ 534 vnc_framebuffer_update(vs, 0, 0, vs->client_width, vs->client_height, 535 VNC_ENCODING_DESKTOPRESIZE); 536 vnc_unlock_output(vs); 537 vnc_flush(vs); 538 } 539 540 static void vnc_abort_display_jobs(VncDisplay *vd) 541 { 542 VncState *vs; 543 544 QTAILQ_FOREACH(vs, &vd->clients, next) { 545 vnc_lock_output(vs); 546 vs->abort = true; 547 vnc_unlock_output(vs); 548 } 549 QTAILQ_FOREACH(vs, &vd->clients, next) { 550 vnc_jobs_join(vs); 551 } 552 QTAILQ_FOREACH(vs, &vd->clients, next) { 553 vnc_lock_output(vs); 554 vs->abort = false; 555 vnc_unlock_output(vs); 556 } 557 } 558 559 int vnc_server_fb_stride(VncDisplay *vd) 560 { 561 return pixman_image_get_stride(vd->server); 562 } 563 564 void *vnc_server_fb_ptr(VncDisplay *vd, int x, int y) 565 { 566 uint8_t *ptr; 567 568 ptr = (uint8_t *)pixman_image_get_data(vd->server); 569 ptr += y * vnc_server_fb_stride(vd); 570 ptr += x * VNC_SERVER_FB_BYTES; 571 return ptr; 572 } 573 574 static void vnc_dpy_switch(DisplayChangeListener *dcl, 575 DisplaySurface *surface) 576 { 577 VncDisplay *vd = container_of(dcl, VncDisplay, dcl); 578 VncState *vs; 579 580 vnc_abort_display_jobs(vd); 581 582 /* server surface */ 583 qemu_pixman_image_unref(vd->server); 584 vd->ds = surface; 585 vd->server = pixman_image_create_bits(VNC_SERVER_FB_FORMAT, 586 surface_width(vd->ds), 587 surface_height(vd->ds), 588 NULL, 0); 589 590 /* guest surface */ 591 #if 0 /* FIXME */ 592 if (ds_get_bytes_per_pixel(ds) != vd->guest.ds->pf.bytes_per_pixel) 593 console_color_init(ds); 594 #endif 595 qemu_pixman_image_unref(vd->guest.fb); 596 vd->guest.fb = pixman_image_ref(surface->image); 597 vd->guest.format = surface->format; 598 memset(vd->guest.dirty, 0xFF, sizeof(vd->guest.dirty)); 599 600 QTAILQ_FOREACH(vs, &vd->clients, next) { 601 vnc_colordepth(vs); 602 vnc_desktop_resize(vs); 603 if (vs->vd->cursor) { 604 vnc_cursor_define(vs); 605 } 606 memset(vs->dirty, 0xFF, sizeof(vs->dirty)); 607 } 608 } 609 610 /* fastest code */ 611 static void vnc_write_pixels_copy(VncState *vs, 612 void *pixels, int size) 613 { 614 vnc_write(vs, pixels, size); 615 } 616 617 /* slowest but generic code. */ 618 void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v) 619 { 620 uint8_t r, g, b; 621 622 #if VNC_SERVER_FB_FORMAT == PIXMAN_FORMAT(32, PIXMAN_TYPE_ARGB, 0, 8, 8, 8) 623 r = (((v & 0x00ff0000) >> 16) << vs->client_pf.rbits) >> 8; 624 g = (((v & 0x0000ff00) >> 8) << vs->client_pf.gbits) >> 8; 625 b = (((v & 0x000000ff) >> 0) << vs->client_pf.bbits) >> 8; 626 #else 627 # error need some bits here if you change VNC_SERVER_FB_FORMAT 628 #endif 629 v = (r << vs->client_pf.rshift) | 630 (g << vs->client_pf.gshift) | 631 (b << vs->client_pf.bshift); 632 switch (vs->client_pf.bytes_per_pixel) { 633 case 1: 634 buf[0] = v; 635 break; 636 case 2: 637 if (vs->client_be) { 638 buf[0] = v >> 8; 639 buf[1] = v; 640 } else { 641 buf[1] = v >> 8; 642 buf[0] = v; 643 } 644 break; 645 default: 646 case 4: 647 if (vs->client_be) { 648 buf[0] = v >> 24; 649 buf[1] = v >> 16; 650 buf[2] = v >> 8; 651 buf[3] = v; 652 } else { 653 buf[3] = v >> 24; 654 buf[2] = v >> 16; 655 buf[1] = v >> 8; 656 buf[0] = v; 657 } 658 break; 659 } 660 } 661 662 static void vnc_write_pixels_generic(VncState *vs, 663 void *pixels1, int size) 664 { 665 uint8_t buf[4]; 666 667 if (VNC_SERVER_FB_BYTES == 4) { 668 uint32_t *pixels = pixels1; 669 int n, i; 670 n = size >> 2; 671 for (i = 0; i < n; i++) { 672 vnc_convert_pixel(vs, buf, pixels[i]); 673 vnc_write(vs, buf, vs->client_pf.bytes_per_pixel); 674 } 675 } 676 } 677 678 int vnc_raw_send_framebuffer_update(VncState *vs, int x, int y, int w, int h) 679 { 680 int i; 681 uint8_t *row; 682 VncDisplay *vd = vs->vd; 683 684 row = vnc_server_fb_ptr(vd, x, y); 685 for (i = 0; i < h; i++) { 686 vs->write_pixels(vs, row, w * VNC_SERVER_FB_BYTES); 687 row += vnc_server_fb_stride(vd); 688 } 689 return 1; 690 } 691 692 int vnc_send_framebuffer_update(VncState *vs, int x, int y, int w, int h) 693 { 694 int n = 0; 695 696 switch(vs->vnc_encoding) { 697 case VNC_ENCODING_ZLIB: 698 n = vnc_zlib_send_framebuffer_update(vs, x, y, w, h); 699 break; 700 case VNC_ENCODING_HEXTILE: 701 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE); 702 n = vnc_hextile_send_framebuffer_update(vs, x, y, w, h); 703 break; 704 case VNC_ENCODING_TIGHT: 705 n = vnc_tight_send_framebuffer_update(vs, x, y, w, h); 706 break; 707 case VNC_ENCODING_TIGHT_PNG: 708 n = vnc_tight_png_send_framebuffer_update(vs, x, y, w, h); 709 break; 710 case VNC_ENCODING_ZRLE: 711 n = vnc_zrle_send_framebuffer_update(vs, x, y, w, h); 712 break; 713 case VNC_ENCODING_ZYWRLE: 714 n = vnc_zywrle_send_framebuffer_update(vs, x, y, w, h); 715 break; 716 default: 717 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW); 718 n = vnc_raw_send_framebuffer_update(vs, x, y, w, h); 719 break; 720 } 721 return n; 722 } 723 724 static void vnc_copy(VncState *vs, int src_x, int src_y, int dst_x, int dst_y, int w, int h) 725 { 726 /* send bitblit op to the vnc client */ 727 vnc_lock_output(vs); 728 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 729 vnc_write_u8(vs, 0); 730 vnc_write_u16(vs, 1); /* number of rects */ 731 vnc_framebuffer_update(vs, dst_x, dst_y, w, h, VNC_ENCODING_COPYRECT); 732 vnc_write_u16(vs, src_x); 733 vnc_write_u16(vs, src_y); 734 vnc_unlock_output(vs); 735 vnc_flush(vs); 736 } 737 738 static void vnc_dpy_copy(DisplayChangeListener *dcl, 739 int src_x, int src_y, 740 int dst_x, int dst_y, int w, int h) 741 { 742 VncDisplay *vd = container_of(dcl, VncDisplay, dcl); 743 VncState *vs, *vn; 744 uint8_t *src_row; 745 uint8_t *dst_row; 746 int i, x, y, pitch, inc, w_lim, s; 747 int cmp_bytes; 748 749 vnc_refresh_server_surface(vd); 750 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) { 751 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) { 752 vs->force_update = 1; 753 vnc_update_client_sync(vs, 1); 754 /* vs might be free()ed here */ 755 } 756 } 757 758 /* do bitblit op on the local surface too */ 759 pitch = vnc_server_fb_stride(vd); 760 src_row = vnc_server_fb_ptr(vd, src_x, src_y); 761 dst_row = vnc_server_fb_ptr(vd, dst_x, dst_y); 762 y = dst_y; 763 inc = 1; 764 if (dst_y > src_y) { 765 /* copy backwards */ 766 src_row += pitch * (h-1); 767 dst_row += pitch * (h-1); 768 pitch = -pitch; 769 y = dst_y + h - 1; 770 inc = -1; 771 } 772 w_lim = w - (16 - (dst_x % 16)); 773 if (w_lim < 0) 774 w_lim = w; 775 else 776 w_lim = w - (w_lim % 16); 777 for (i = 0; i < h; i++) { 778 for (x = 0; x <= w_lim; 779 x += s, src_row += cmp_bytes, dst_row += cmp_bytes) { 780 if (x == w_lim) { 781 if ((s = w - w_lim) == 0) 782 break; 783 } else if (!x) { 784 s = (16 - (dst_x % 16)); 785 s = MIN(s, w_lim); 786 } else { 787 s = 16; 788 } 789 cmp_bytes = s * VNC_SERVER_FB_BYTES; 790 if (memcmp(src_row, dst_row, cmp_bytes) == 0) 791 continue; 792 memmove(dst_row, src_row, cmp_bytes); 793 QTAILQ_FOREACH(vs, &vd->clients, next) { 794 if (!vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) { 795 set_bit(((x + dst_x) / 16), vs->dirty[y]); 796 } 797 } 798 } 799 src_row += pitch - w * VNC_SERVER_FB_BYTES; 800 dst_row += pitch - w * VNC_SERVER_FB_BYTES; 801 y += inc; 802 } 803 804 QTAILQ_FOREACH(vs, &vd->clients, next) { 805 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) { 806 vnc_copy(vs, src_x, src_y, dst_x, dst_y, w, h); 807 } 808 } 809 } 810 811 static void vnc_mouse_set(DisplayChangeListener *dcl, 812 int x, int y, int visible) 813 { 814 /* can we ask the client(s) to move the pointer ??? */ 815 } 816 817 static int vnc_cursor_define(VncState *vs) 818 { 819 QEMUCursor *c = vs->vd->cursor; 820 int isize; 821 822 if (vnc_has_feature(vs, VNC_FEATURE_RICH_CURSOR)) { 823 vnc_lock_output(vs); 824 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 825 vnc_write_u8(vs, 0); /* padding */ 826 vnc_write_u16(vs, 1); /* # of rects */ 827 vnc_framebuffer_update(vs, c->hot_x, c->hot_y, c->width, c->height, 828 VNC_ENCODING_RICH_CURSOR); 829 isize = c->width * c->height * vs->client_pf.bytes_per_pixel; 830 vnc_write_pixels_generic(vs, c->data, isize); 831 vnc_write(vs, vs->vd->cursor_mask, vs->vd->cursor_msize); 832 vnc_unlock_output(vs); 833 return 0; 834 } 835 return -1; 836 } 837 838 static void vnc_dpy_cursor_define(DisplayChangeListener *dcl, 839 QEMUCursor *c) 840 { 841 VncDisplay *vd = vnc_display; 842 VncState *vs; 843 844 cursor_put(vd->cursor); 845 g_free(vd->cursor_mask); 846 847 vd->cursor = c; 848 cursor_get(vd->cursor); 849 vd->cursor_msize = cursor_get_mono_bpl(c) * c->height; 850 vd->cursor_mask = g_malloc0(vd->cursor_msize); 851 cursor_get_mono_mask(c, 0, vd->cursor_mask); 852 853 QTAILQ_FOREACH(vs, &vd->clients, next) { 854 vnc_cursor_define(vs); 855 } 856 } 857 858 static int find_and_clear_dirty_height(struct VncState *vs, 859 int y, int last_x, int x, int height) 860 { 861 int h; 862 863 for (h = 1; h < (height - y); h++) { 864 int tmp_x; 865 if (!test_bit(last_x, vs->dirty[y + h])) { 866 break; 867 } 868 for (tmp_x = last_x; tmp_x < x; tmp_x++) { 869 clear_bit(tmp_x, vs->dirty[y + h]); 870 } 871 } 872 873 return h; 874 } 875 876 static int vnc_update_client_sync(VncState *vs, int has_dirty) 877 { 878 int ret = vnc_update_client(vs, has_dirty); 879 vnc_jobs_join(vs); 880 return ret; 881 } 882 883 static int vnc_update_client(VncState *vs, int has_dirty) 884 { 885 if (vs->need_update && vs->csock != -1) { 886 VncDisplay *vd = vs->vd; 887 VncJob *job; 888 int y; 889 int width, height; 890 int n = 0; 891 892 893 if (vs->output.offset && !vs->audio_cap && !vs->force_update) 894 /* kernel send buffers are full -> drop frames to throttle */ 895 return 0; 896 897 if (!has_dirty && !vs->audio_cap && !vs->force_update) 898 return 0; 899 900 /* 901 * Send screen updates to the vnc client using the server 902 * surface and server dirty map. guest surface updates 903 * happening in parallel don't disturb us, the next pass will 904 * send them to the client. 905 */ 906 job = vnc_job_new(vs); 907 908 width = MIN(pixman_image_get_width(vd->server), vs->client_width); 909 height = MIN(pixman_image_get_height(vd->server), vs->client_height); 910 911 for (y = 0; y < height; y++) { 912 int x; 913 int last_x = -1; 914 for (x = 0; x < width / 16; x++) { 915 if (test_and_clear_bit(x, vs->dirty[y])) { 916 if (last_x == -1) { 917 last_x = x; 918 } 919 } else { 920 if (last_x != -1) { 921 int h = find_and_clear_dirty_height(vs, y, last_x, x, 922 height); 923 924 n += vnc_job_add_rect(job, last_x * 16, y, 925 (x - last_x) * 16, h); 926 } 927 last_x = -1; 928 } 929 } 930 if (last_x != -1) { 931 int h = find_and_clear_dirty_height(vs, y, last_x, x, height); 932 n += vnc_job_add_rect(job, last_x * 16, y, 933 (x - last_x) * 16, h); 934 } 935 } 936 937 vnc_job_push(job); 938 vs->force_update = 0; 939 return n; 940 } 941 942 if (vs->csock == -1) 943 vnc_disconnect_finish(vs); 944 945 return 0; 946 } 947 948 /* audio */ 949 static void audio_capture_notify(void *opaque, audcnotification_e cmd) 950 { 951 VncState *vs = opaque; 952 953 switch (cmd) { 954 case AUD_CNOTIFY_DISABLE: 955 vnc_lock_output(vs); 956 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU); 957 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO); 958 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_END); 959 vnc_unlock_output(vs); 960 vnc_flush(vs); 961 break; 962 963 case AUD_CNOTIFY_ENABLE: 964 vnc_lock_output(vs); 965 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU); 966 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO); 967 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN); 968 vnc_unlock_output(vs); 969 vnc_flush(vs); 970 break; 971 } 972 } 973 974 static void audio_capture_destroy(void *opaque) 975 { 976 } 977 978 static void audio_capture(void *opaque, void *buf, int size) 979 { 980 VncState *vs = opaque; 981 982 vnc_lock_output(vs); 983 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU); 984 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO); 985 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_DATA); 986 vnc_write_u32(vs, size); 987 vnc_write(vs, buf, size); 988 vnc_unlock_output(vs); 989 vnc_flush(vs); 990 } 991 992 static void audio_add(VncState *vs) 993 { 994 struct audio_capture_ops ops; 995 996 if (vs->audio_cap) { 997 monitor_printf(default_mon, "audio already running\n"); 998 return; 999 } 1000 1001 ops.notify = audio_capture_notify; 1002 ops.destroy = audio_capture_destroy; 1003 ops.capture = audio_capture; 1004 1005 vs->audio_cap = AUD_add_capture(&vs->as, &ops, vs); 1006 if (!vs->audio_cap) { 1007 monitor_printf(default_mon, "Failed to add audio capture\n"); 1008 } 1009 } 1010 1011 static void audio_del(VncState *vs) 1012 { 1013 if (vs->audio_cap) { 1014 AUD_del_capture(vs->audio_cap, vs); 1015 vs->audio_cap = NULL; 1016 } 1017 } 1018 1019 static void vnc_disconnect_start(VncState *vs) 1020 { 1021 if (vs->csock == -1) 1022 return; 1023 vnc_set_share_mode(vs, VNC_SHARE_MODE_DISCONNECTED); 1024 qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL); 1025 closesocket(vs->csock); 1026 vs->csock = -1; 1027 } 1028 1029 void vnc_disconnect_finish(VncState *vs) 1030 { 1031 int i; 1032 1033 vnc_jobs_join(vs); /* Wait encoding jobs */ 1034 1035 vnc_lock_output(vs); 1036 vnc_qmp_event(vs, QEVENT_VNC_DISCONNECTED); 1037 1038 buffer_free(&vs->input); 1039 buffer_free(&vs->output); 1040 #ifdef CONFIG_VNC_WS 1041 buffer_free(&vs->ws_input); 1042 buffer_free(&vs->ws_output); 1043 #endif /* CONFIG_VNC_WS */ 1044 1045 qobject_decref(vs->info); 1046 1047 vnc_zlib_clear(vs); 1048 vnc_tight_clear(vs); 1049 vnc_zrle_clear(vs); 1050 1051 #ifdef CONFIG_VNC_TLS 1052 vnc_tls_client_cleanup(vs); 1053 #endif /* CONFIG_VNC_TLS */ 1054 #ifdef CONFIG_VNC_SASL 1055 vnc_sasl_client_cleanup(vs); 1056 #endif /* CONFIG_VNC_SASL */ 1057 audio_del(vs); 1058 vnc_release_modifiers(vs); 1059 1060 if (vs->initialized) { 1061 QTAILQ_REMOVE(&vs->vd->clients, vs, next); 1062 qemu_remove_mouse_mode_change_notifier(&vs->mouse_mode_notifier); 1063 } 1064 1065 if (vs->vd->lock_key_sync) 1066 qemu_remove_led_event_handler(vs->led); 1067 vnc_unlock_output(vs); 1068 1069 qemu_mutex_destroy(&vs->output_mutex); 1070 if (vs->bh != NULL) { 1071 qemu_bh_delete(vs->bh); 1072 } 1073 buffer_free(&vs->jobs_buffer); 1074 1075 for (i = 0; i < VNC_STAT_ROWS; ++i) { 1076 g_free(vs->lossy_rect[i]); 1077 } 1078 g_free(vs->lossy_rect); 1079 g_free(vs); 1080 } 1081 1082 int vnc_client_io_error(VncState *vs, int ret, int last_errno) 1083 { 1084 if (ret == 0 || ret == -1) { 1085 if (ret == -1) { 1086 switch (last_errno) { 1087 case EINTR: 1088 case EAGAIN: 1089 #ifdef _WIN32 1090 case WSAEWOULDBLOCK: 1091 #endif 1092 return 0; 1093 default: 1094 break; 1095 } 1096 } 1097 1098 VNC_DEBUG("Closing down client sock: ret %d, errno %d\n", 1099 ret, ret < 0 ? last_errno : 0); 1100 vnc_disconnect_start(vs); 1101 1102 return 0; 1103 } 1104 return ret; 1105 } 1106 1107 1108 void vnc_client_error(VncState *vs) 1109 { 1110 VNC_DEBUG("Closing down client sock: protocol error\n"); 1111 vnc_disconnect_start(vs); 1112 } 1113 1114 1115 /* 1116 * Called to write a chunk of data to the client socket. The data may 1117 * be the raw data, or may have already been encoded by SASL. 1118 * The data will be written either straight onto the socket, or 1119 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled 1120 * 1121 * NB, it is theoretically possible to have 2 layers of encryption, 1122 * both SASL, and this TLS layer. It is highly unlikely in practice 1123 * though, since SASL encryption will typically be a no-op if TLS 1124 * is active 1125 * 1126 * Returns the number of bytes written, which may be less than 1127 * the requested 'datalen' if the socket would block. Returns 1128 * -1 on error, and disconnects the client socket. 1129 */ 1130 long vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen) 1131 { 1132 long ret; 1133 #ifdef CONFIG_VNC_TLS 1134 if (vs->tls.session) { 1135 ret = gnutls_write(vs->tls.session, data, datalen); 1136 if (ret < 0) { 1137 if (ret == GNUTLS_E_AGAIN) 1138 errno = EAGAIN; 1139 else 1140 errno = EIO; 1141 ret = -1; 1142 } 1143 } else 1144 #endif /* CONFIG_VNC_TLS */ 1145 ret = send(vs->csock, (const void *)data, datalen, 0); 1146 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data, datalen, ret); 1147 return vnc_client_io_error(vs, ret, socket_error()); 1148 } 1149 1150 1151 /* 1152 * Called to write buffered data to the client socket, when not 1153 * using any SASL SSF encryption layers. Will write as much data 1154 * as possible without blocking. If all buffered data is written, 1155 * will switch the FD poll() handler back to read monitoring. 1156 * 1157 * Returns the number of bytes written, which may be less than 1158 * the buffered output data if the socket would block. Returns 1159 * -1 on error, and disconnects the client socket. 1160 */ 1161 static long vnc_client_write_plain(VncState *vs) 1162 { 1163 long ret; 1164 1165 #ifdef CONFIG_VNC_SASL 1166 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n", 1167 vs->output.buffer, vs->output.capacity, vs->output.offset, 1168 vs->sasl.waitWriteSSF); 1169 1170 if (vs->sasl.conn && 1171 vs->sasl.runSSF && 1172 vs->sasl.waitWriteSSF) { 1173 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF); 1174 if (ret) 1175 vs->sasl.waitWriteSSF -= ret; 1176 } else 1177 #endif /* CONFIG_VNC_SASL */ 1178 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset); 1179 if (!ret) 1180 return 0; 1181 1182 buffer_advance(&vs->output, ret); 1183 1184 if (vs->output.offset == 0) { 1185 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs); 1186 } 1187 1188 return ret; 1189 } 1190 1191 1192 /* 1193 * First function called whenever there is data to be written to 1194 * the client socket. Will delegate actual work according to whether 1195 * SASL SSF layers are enabled (thus requiring encryption calls) 1196 */ 1197 static void vnc_client_write_locked(void *opaque) 1198 { 1199 VncState *vs = opaque; 1200 1201 #ifdef CONFIG_VNC_SASL 1202 if (vs->sasl.conn && 1203 vs->sasl.runSSF && 1204 !vs->sasl.waitWriteSSF) { 1205 vnc_client_write_sasl(vs); 1206 } else 1207 #endif /* CONFIG_VNC_SASL */ 1208 { 1209 #ifdef CONFIG_VNC_WS 1210 if (vs->encode_ws) { 1211 vnc_client_write_ws(vs); 1212 } else 1213 #endif /* CONFIG_VNC_WS */ 1214 { 1215 vnc_client_write_plain(vs); 1216 } 1217 } 1218 } 1219 1220 void vnc_client_write(void *opaque) 1221 { 1222 VncState *vs = opaque; 1223 1224 vnc_lock_output(vs); 1225 if (vs->output.offset 1226 #ifdef CONFIG_VNC_WS 1227 || vs->ws_output.offset 1228 #endif 1229 ) { 1230 vnc_client_write_locked(opaque); 1231 } else if (vs->csock != -1) { 1232 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs); 1233 } 1234 vnc_unlock_output(vs); 1235 } 1236 1237 void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting) 1238 { 1239 vs->read_handler = func; 1240 vs->read_handler_expect = expecting; 1241 } 1242 1243 1244 /* 1245 * Called to read a chunk of data from the client socket. The data may 1246 * be the raw data, or may need to be further decoded by SASL. 1247 * The data will be read either straight from to the socket, or 1248 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled 1249 * 1250 * NB, it is theoretically possible to have 2 layers of encryption, 1251 * both SASL, and this TLS layer. It is highly unlikely in practice 1252 * though, since SASL encryption will typically be a no-op if TLS 1253 * is active 1254 * 1255 * Returns the number of bytes read, which may be less than 1256 * the requested 'datalen' if the socket would block. Returns 1257 * -1 on error, and disconnects the client socket. 1258 */ 1259 long vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen) 1260 { 1261 long ret; 1262 #ifdef CONFIG_VNC_TLS 1263 if (vs->tls.session) { 1264 ret = gnutls_read(vs->tls.session, data, datalen); 1265 if (ret < 0) { 1266 if (ret == GNUTLS_E_AGAIN) 1267 errno = EAGAIN; 1268 else 1269 errno = EIO; 1270 ret = -1; 1271 } 1272 } else 1273 #endif /* CONFIG_VNC_TLS */ 1274 ret = qemu_recv(vs->csock, data, datalen, 0); 1275 VNC_DEBUG("Read wire %p %zd -> %ld\n", data, datalen, ret); 1276 return vnc_client_io_error(vs, ret, socket_error()); 1277 } 1278 1279 1280 /* 1281 * Called to read data from the client socket to the input buffer, 1282 * when not using any SASL SSF encryption layers. Will read as much 1283 * data as possible without blocking. 1284 * 1285 * Returns the number of bytes read. Returns -1 on error, and 1286 * disconnects the client socket. 1287 */ 1288 static long vnc_client_read_plain(VncState *vs) 1289 { 1290 int ret; 1291 VNC_DEBUG("Read plain %p size %zd offset %zd\n", 1292 vs->input.buffer, vs->input.capacity, vs->input.offset); 1293 buffer_reserve(&vs->input, 4096); 1294 ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096); 1295 if (!ret) 1296 return 0; 1297 vs->input.offset += ret; 1298 return ret; 1299 } 1300 1301 static void vnc_jobs_bh(void *opaque) 1302 { 1303 VncState *vs = opaque; 1304 1305 vnc_jobs_consume_buffer(vs); 1306 } 1307 1308 /* 1309 * First function called whenever there is more data to be read from 1310 * the client socket. Will delegate actual work according to whether 1311 * SASL SSF layers are enabled (thus requiring decryption calls) 1312 */ 1313 void vnc_client_read(void *opaque) 1314 { 1315 VncState *vs = opaque; 1316 long ret; 1317 1318 #ifdef CONFIG_VNC_SASL 1319 if (vs->sasl.conn && vs->sasl.runSSF) 1320 ret = vnc_client_read_sasl(vs); 1321 else 1322 #endif /* CONFIG_VNC_SASL */ 1323 #ifdef CONFIG_VNC_WS 1324 if (vs->encode_ws) { 1325 ret = vnc_client_read_ws(vs); 1326 if (ret == -1) { 1327 vnc_disconnect_start(vs); 1328 return; 1329 } else if (ret == -2) { 1330 vnc_client_error(vs); 1331 return; 1332 } 1333 } else 1334 #endif /* CONFIG_VNC_WS */ 1335 { 1336 ret = vnc_client_read_plain(vs); 1337 } 1338 if (!ret) { 1339 if (vs->csock == -1) 1340 vnc_disconnect_finish(vs); 1341 return; 1342 } 1343 1344 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) { 1345 size_t len = vs->read_handler_expect; 1346 int ret; 1347 1348 ret = vs->read_handler(vs, vs->input.buffer, len); 1349 if (vs->csock == -1) { 1350 vnc_disconnect_finish(vs); 1351 return; 1352 } 1353 1354 if (!ret) { 1355 buffer_advance(&vs->input, len); 1356 } else { 1357 vs->read_handler_expect = ret; 1358 } 1359 } 1360 } 1361 1362 void vnc_write(VncState *vs, const void *data, size_t len) 1363 { 1364 buffer_reserve(&vs->output, len); 1365 1366 if (vs->csock != -1 && buffer_empty(&vs->output)) { 1367 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs); 1368 } 1369 1370 buffer_append(&vs->output, data, len); 1371 } 1372 1373 void vnc_write_s32(VncState *vs, int32_t value) 1374 { 1375 vnc_write_u32(vs, *(uint32_t *)&value); 1376 } 1377 1378 void vnc_write_u32(VncState *vs, uint32_t value) 1379 { 1380 uint8_t buf[4]; 1381 1382 buf[0] = (value >> 24) & 0xFF; 1383 buf[1] = (value >> 16) & 0xFF; 1384 buf[2] = (value >> 8) & 0xFF; 1385 buf[3] = value & 0xFF; 1386 1387 vnc_write(vs, buf, 4); 1388 } 1389 1390 void vnc_write_u16(VncState *vs, uint16_t value) 1391 { 1392 uint8_t buf[2]; 1393 1394 buf[0] = (value >> 8) & 0xFF; 1395 buf[1] = value & 0xFF; 1396 1397 vnc_write(vs, buf, 2); 1398 } 1399 1400 void vnc_write_u8(VncState *vs, uint8_t value) 1401 { 1402 vnc_write(vs, (char *)&value, 1); 1403 } 1404 1405 void vnc_flush(VncState *vs) 1406 { 1407 vnc_lock_output(vs); 1408 if (vs->csock != -1 && (vs->output.offset 1409 #ifdef CONFIG_VNC_WS 1410 || vs->ws_output.offset 1411 #endif 1412 )) { 1413 vnc_client_write_locked(vs); 1414 } 1415 vnc_unlock_output(vs); 1416 } 1417 1418 static uint8_t read_u8(uint8_t *data, size_t offset) 1419 { 1420 return data[offset]; 1421 } 1422 1423 static uint16_t read_u16(uint8_t *data, size_t offset) 1424 { 1425 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF); 1426 } 1427 1428 static int32_t read_s32(uint8_t *data, size_t offset) 1429 { 1430 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) | 1431 (data[offset + 2] << 8) | data[offset + 3]); 1432 } 1433 1434 uint32_t read_u32(uint8_t *data, size_t offset) 1435 { 1436 return ((data[offset] << 24) | (data[offset + 1] << 16) | 1437 (data[offset + 2] << 8) | data[offset + 3]); 1438 } 1439 1440 static void client_cut_text(VncState *vs, size_t len, uint8_t *text) 1441 { 1442 } 1443 1444 static void check_pointer_type_change(Notifier *notifier, void *data) 1445 { 1446 VncState *vs = container_of(notifier, VncState, mouse_mode_notifier); 1447 int absolute = kbd_mouse_is_absolute(); 1448 1449 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) { 1450 vnc_lock_output(vs); 1451 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 1452 vnc_write_u8(vs, 0); 1453 vnc_write_u16(vs, 1); 1454 vnc_framebuffer_update(vs, absolute, 0, 1455 surface_width(vs->vd->ds), 1456 surface_height(vs->vd->ds), 1457 VNC_ENCODING_POINTER_TYPE_CHANGE); 1458 vnc_unlock_output(vs); 1459 vnc_flush(vs); 1460 } 1461 vs->absolute = absolute; 1462 } 1463 1464 static void pointer_event(VncState *vs, int button_mask, int x, int y) 1465 { 1466 int buttons = 0; 1467 int dz = 0; 1468 int width = surface_width(vs->vd->ds); 1469 int height = surface_height(vs->vd->ds); 1470 1471 if (button_mask & 0x01) 1472 buttons |= MOUSE_EVENT_LBUTTON; 1473 if (button_mask & 0x02) 1474 buttons |= MOUSE_EVENT_MBUTTON; 1475 if (button_mask & 0x04) 1476 buttons |= MOUSE_EVENT_RBUTTON; 1477 if (button_mask & 0x08) 1478 dz = -1; 1479 if (button_mask & 0x10) 1480 dz = 1; 1481 1482 if (vs->absolute) { 1483 kbd_mouse_event(width > 1 ? x * 0x7FFF / (width - 1) : 0x4000, 1484 height > 1 ? y * 0x7FFF / (height - 1) : 0x4000, 1485 dz, buttons); 1486 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) { 1487 x -= 0x7FFF; 1488 y -= 0x7FFF; 1489 1490 kbd_mouse_event(x, y, dz, buttons); 1491 } else { 1492 if (vs->last_x != -1) 1493 kbd_mouse_event(x - vs->last_x, 1494 y - vs->last_y, 1495 dz, buttons); 1496 vs->last_x = x; 1497 vs->last_y = y; 1498 } 1499 } 1500 1501 static void reset_keys(VncState *vs) 1502 { 1503 int i; 1504 for(i = 0; i < 256; i++) { 1505 if (vs->modifiers_state[i]) { 1506 if (i & SCANCODE_GREY) 1507 kbd_put_keycode(SCANCODE_EMUL0); 1508 kbd_put_keycode(i | SCANCODE_UP); 1509 vs->modifiers_state[i] = 0; 1510 } 1511 } 1512 } 1513 1514 static void press_key(VncState *vs, int keysym) 1515 { 1516 int keycode = keysym2scancode(vs->vd->kbd_layout, keysym) & SCANCODE_KEYMASK; 1517 if (keycode & SCANCODE_GREY) 1518 kbd_put_keycode(SCANCODE_EMUL0); 1519 kbd_put_keycode(keycode & SCANCODE_KEYCODEMASK); 1520 if (keycode & SCANCODE_GREY) 1521 kbd_put_keycode(SCANCODE_EMUL0); 1522 kbd_put_keycode(keycode | SCANCODE_UP); 1523 } 1524 1525 static int current_led_state(VncState *vs) 1526 { 1527 int ledstate = 0; 1528 1529 if (vs->modifiers_state[0x46]) { 1530 ledstate |= QEMU_SCROLL_LOCK_LED; 1531 } 1532 if (vs->modifiers_state[0x45]) { 1533 ledstate |= QEMU_NUM_LOCK_LED; 1534 } 1535 if (vs->modifiers_state[0x3a]) { 1536 ledstate |= QEMU_CAPS_LOCK_LED; 1537 } 1538 1539 return ledstate; 1540 } 1541 1542 static void vnc_led_state_change(VncState *vs) 1543 { 1544 int ledstate = 0; 1545 1546 if (!vnc_has_feature(vs, VNC_FEATURE_LED_STATE)) { 1547 return; 1548 } 1549 1550 ledstate = current_led_state(vs); 1551 vnc_lock_output(vs); 1552 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 1553 vnc_write_u8(vs, 0); 1554 vnc_write_u16(vs, 1); 1555 vnc_framebuffer_update(vs, 0, 0, 1, 1, VNC_ENCODING_LED_STATE); 1556 vnc_write_u8(vs, ledstate); 1557 vnc_unlock_output(vs); 1558 vnc_flush(vs); 1559 } 1560 1561 static void kbd_leds(void *opaque, int ledstate) 1562 { 1563 VncState *vs = opaque; 1564 int caps, num, scr; 1565 1566 caps = ledstate & QEMU_CAPS_LOCK_LED ? 1 : 0; 1567 num = ledstate & QEMU_NUM_LOCK_LED ? 1 : 0; 1568 scr = ledstate & QEMU_SCROLL_LOCK_LED ? 1 : 0; 1569 1570 if (vs->modifiers_state[0x3a] != caps) { 1571 vs->modifiers_state[0x3a] = caps; 1572 } 1573 if (vs->modifiers_state[0x45] != num) { 1574 vs->modifiers_state[0x45] = num; 1575 } 1576 if (vs->modifiers_state[0x46] != scr) { 1577 vs->modifiers_state[0x46] = scr; 1578 } 1579 1580 /* Sending the current led state message to the client */ 1581 if (ledstate != current_led_state(vs)) { 1582 vnc_led_state_change(vs); 1583 } 1584 } 1585 1586 static void do_key_event(VncState *vs, int down, int keycode, int sym) 1587 { 1588 /* QEMU console switch */ 1589 switch(keycode) { 1590 case 0x2a: /* Left Shift */ 1591 case 0x36: /* Right Shift */ 1592 case 0x1d: /* Left CTRL */ 1593 case 0x9d: /* Right CTRL */ 1594 case 0x38: /* Left ALT */ 1595 case 0xb8: /* Right ALT */ 1596 if (down) 1597 vs->modifiers_state[keycode] = 1; 1598 else 1599 vs->modifiers_state[keycode] = 0; 1600 break; 1601 case 0x02 ... 0x0a: /* '1' to '9' keys */ 1602 if (down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) { 1603 /* Reset the modifiers sent to the current console */ 1604 reset_keys(vs); 1605 console_select(keycode - 0x02); 1606 return; 1607 } 1608 break; 1609 case 0x3a: /* CapsLock */ 1610 case 0x45: /* NumLock */ 1611 if (down) 1612 vs->modifiers_state[keycode] ^= 1; 1613 break; 1614 } 1615 1616 /* Turn off the lock state sync logic if the client support the led 1617 state extension. 1618 */ 1619 if (down && vs->vd->lock_key_sync && 1620 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) && 1621 keycode_is_keypad(vs->vd->kbd_layout, keycode)) { 1622 /* If the numlock state needs to change then simulate an additional 1623 keypress before sending this one. This will happen if the user 1624 toggles numlock away from the VNC window. 1625 */ 1626 if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) { 1627 if (!vs->modifiers_state[0x45]) { 1628 vs->modifiers_state[0x45] = 1; 1629 press_key(vs, 0xff7f); 1630 } 1631 } else { 1632 if (vs->modifiers_state[0x45]) { 1633 vs->modifiers_state[0x45] = 0; 1634 press_key(vs, 0xff7f); 1635 } 1636 } 1637 } 1638 1639 if (down && vs->vd->lock_key_sync && 1640 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) && 1641 ((sym >= 'A' && sym <= 'Z') || (sym >= 'a' && sym <= 'z'))) { 1642 /* If the capslock state needs to change then simulate an additional 1643 keypress before sending this one. This will happen if the user 1644 toggles capslock away from the VNC window. 1645 */ 1646 int uppercase = !!(sym >= 'A' && sym <= 'Z'); 1647 int shift = !!(vs->modifiers_state[0x2a] | vs->modifiers_state[0x36]); 1648 int capslock = !!(vs->modifiers_state[0x3a]); 1649 if (capslock) { 1650 if (uppercase == shift) { 1651 vs->modifiers_state[0x3a] = 0; 1652 press_key(vs, 0xffe5); 1653 } 1654 } else { 1655 if (uppercase != shift) { 1656 vs->modifiers_state[0x3a] = 1; 1657 press_key(vs, 0xffe5); 1658 } 1659 } 1660 } 1661 1662 if (qemu_console_is_graphic(NULL)) { 1663 if (keycode & SCANCODE_GREY) 1664 kbd_put_keycode(SCANCODE_EMUL0); 1665 if (down) 1666 kbd_put_keycode(keycode & SCANCODE_KEYCODEMASK); 1667 else 1668 kbd_put_keycode(keycode | SCANCODE_UP); 1669 } else { 1670 bool numlock = vs->modifiers_state[0x45]; 1671 bool control = (vs->modifiers_state[0x1d] || 1672 vs->modifiers_state[0x9d]); 1673 /* QEMU console emulation */ 1674 if (down) { 1675 switch (keycode) { 1676 case 0x2a: /* Left Shift */ 1677 case 0x36: /* Right Shift */ 1678 case 0x1d: /* Left CTRL */ 1679 case 0x9d: /* Right CTRL */ 1680 case 0x38: /* Left ALT */ 1681 case 0xb8: /* Right ALT */ 1682 break; 1683 case 0xc8: 1684 kbd_put_keysym(QEMU_KEY_UP); 1685 break; 1686 case 0xd0: 1687 kbd_put_keysym(QEMU_KEY_DOWN); 1688 break; 1689 case 0xcb: 1690 kbd_put_keysym(QEMU_KEY_LEFT); 1691 break; 1692 case 0xcd: 1693 kbd_put_keysym(QEMU_KEY_RIGHT); 1694 break; 1695 case 0xd3: 1696 kbd_put_keysym(QEMU_KEY_DELETE); 1697 break; 1698 case 0xc7: 1699 kbd_put_keysym(QEMU_KEY_HOME); 1700 break; 1701 case 0xcf: 1702 kbd_put_keysym(QEMU_KEY_END); 1703 break; 1704 case 0xc9: 1705 kbd_put_keysym(QEMU_KEY_PAGEUP); 1706 break; 1707 case 0xd1: 1708 kbd_put_keysym(QEMU_KEY_PAGEDOWN); 1709 break; 1710 1711 case 0x47: 1712 kbd_put_keysym(numlock ? '7' : QEMU_KEY_HOME); 1713 break; 1714 case 0x48: 1715 kbd_put_keysym(numlock ? '8' : QEMU_KEY_UP); 1716 break; 1717 case 0x49: 1718 kbd_put_keysym(numlock ? '9' : QEMU_KEY_PAGEUP); 1719 break; 1720 case 0x4b: 1721 kbd_put_keysym(numlock ? '4' : QEMU_KEY_LEFT); 1722 break; 1723 case 0x4c: 1724 kbd_put_keysym('5'); 1725 break; 1726 case 0x4d: 1727 kbd_put_keysym(numlock ? '6' : QEMU_KEY_RIGHT); 1728 break; 1729 case 0x4f: 1730 kbd_put_keysym(numlock ? '1' : QEMU_KEY_END); 1731 break; 1732 case 0x50: 1733 kbd_put_keysym(numlock ? '2' : QEMU_KEY_DOWN); 1734 break; 1735 case 0x51: 1736 kbd_put_keysym(numlock ? '3' : QEMU_KEY_PAGEDOWN); 1737 break; 1738 case 0x52: 1739 kbd_put_keysym('0'); 1740 break; 1741 case 0x53: 1742 kbd_put_keysym(numlock ? '.' : QEMU_KEY_DELETE); 1743 break; 1744 1745 case 0xb5: 1746 kbd_put_keysym('/'); 1747 break; 1748 case 0x37: 1749 kbd_put_keysym('*'); 1750 break; 1751 case 0x4a: 1752 kbd_put_keysym('-'); 1753 break; 1754 case 0x4e: 1755 kbd_put_keysym('+'); 1756 break; 1757 case 0x9c: 1758 kbd_put_keysym('\n'); 1759 break; 1760 1761 default: 1762 if (control) { 1763 kbd_put_keysym(sym & 0x1f); 1764 } else { 1765 kbd_put_keysym(sym); 1766 } 1767 break; 1768 } 1769 } 1770 } 1771 } 1772 1773 static void vnc_release_modifiers(VncState *vs) 1774 { 1775 static const int keycodes[] = { 1776 /* shift, control, alt keys, both left & right */ 1777 0x2a, 0x36, 0x1d, 0x9d, 0x38, 0xb8, 1778 }; 1779 int i, keycode; 1780 1781 if (!qemu_console_is_graphic(NULL)) { 1782 return; 1783 } 1784 for (i = 0; i < ARRAY_SIZE(keycodes); i++) { 1785 keycode = keycodes[i]; 1786 if (!vs->modifiers_state[keycode]) { 1787 continue; 1788 } 1789 if (keycode & SCANCODE_GREY) { 1790 kbd_put_keycode(SCANCODE_EMUL0); 1791 } 1792 kbd_put_keycode(keycode | SCANCODE_UP); 1793 } 1794 } 1795 1796 static void key_event(VncState *vs, int down, uint32_t sym) 1797 { 1798 int keycode; 1799 int lsym = sym; 1800 1801 if (lsym >= 'A' && lsym <= 'Z' && qemu_console_is_graphic(NULL)) { 1802 lsym = lsym - 'A' + 'a'; 1803 } 1804 1805 keycode = keysym2scancode(vs->vd->kbd_layout, lsym & 0xFFFF) & SCANCODE_KEYMASK; 1806 do_key_event(vs, down, keycode, sym); 1807 } 1808 1809 static void ext_key_event(VncState *vs, int down, 1810 uint32_t sym, uint16_t keycode) 1811 { 1812 /* if the user specifies a keyboard layout, always use it */ 1813 if (keyboard_layout) 1814 key_event(vs, down, sym); 1815 else 1816 do_key_event(vs, down, keycode, sym); 1817 } 1818 1819 static void framebuffer_update_request(VncState *vs, int incremental, 1820 int x_position, int y_position, 1821 int w, int h) 1822 { 1823 int i; 1824 const size_t width = surface_width(vs->vd->ds) / 16; 1825 const size_t height = surface_height(vs->vd->ds); 1826 1827 if (y_position > height) { 1828 y_position = height; 1829 } 1830 if (y_position + h >= height) { 1831 h = height - y_position; 1832 } 1833 1834 vs->need_update = 1; 1835 if (!incremental) { 1836 vs->force_update = 1; 1837 for (i = 0; i < h; i++) { 1838 bitmap_set(vs->dirty[y_position + i], 0, width); 1839 bitmap_clear(vs->dirty[y_position + i], width, 1840 VNC_DIRTY_BITS - width); 1841 } 1842 } 1843 } 1844 1845 static void send_ext_key_event_ack(VncState *vs) 1846 { 1847 vnc_lock_output(vs); 1848 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 1849 vnc_write_u8(vs, 0); 1850 vnc_write_u16(vs, 1); 1851 vnc_framebuffer_update(vs, 0, 0, 1852 surface_width(vs->vd->ds), 1853 surface_height(vs->vd->ds), 1854 VNC_ENCODING_EXT_KEY_EVENT); 1855 vnc_unlock_output(vs); 1856 vnc_flush(vs); 1857 } 1858 1859 static void send_ext_audio_ack(VncState *vs) 1860 { 1861 vnc_lock_output(vs); 1862 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 1863 vnc_write_u8(vs, 0); 1864 vnc_write_u16(vs, 1); 1865 vnc_framebuffer_update(vs, 0, 0, 1866 surface_width(vs->vd->ds), 1867 surface_height(vs->vd->ds), 1868 VNC_ENCODING_AUDIO); 1869 vnc_unlock_output(vs); 1870 vnc_flush(vs); 1871 } 1872 1873 static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings) 1874 { 1875 int i; 1876 unsigned int enc = 0; 1877 1878 vs->features = 0; 1879 vs->vnc_encoding = 0; 1880 vs->tight.compression = 9; 1881 vs->tight.quality = -1; /* Lossless by default */ 1882 vs->absolute = -1; 1883 1884 /* 1885 * Start from the end because the encodings are sent in order of preference. 1886 * This way the preferred encoding (first encoding defined in the array) 1887 * will be set at the end of the loop. 1888 */ 1889 for (i = n_encodings - 1; i >= 0; i--) { 1890 enc = encodings[i]; 1891 switch (enc) { 1892 case VNC_ENCODING_RAW: 1893 vs->vnc_encoding = enc; 1894 break; 1895 case VNC_ENCODING_COPYRECT: 1896 vs->features |= VNC_FEATURE_COPYRECT_MASK; 1897 break; 1898 case VNC_ENCODING_HEXTILE: 1899 vs->features |= VNC_FEATURE_HEXTILE_MASK; 1900 vs->vnc_encoding = enc; 1901 break; 1902 case VNC_ENCODING_TIGHT: 1903 vs->features |= VNC_FEATURE_TIGHT_MASK; 1904 vs->vnc_encoding = enc; 1905 break; 1906 #ifdef CONFIG_VNC_PNG 1907 case VNC_ENCODING_TIGHT_PNG: 1908 vs->features |= VNC_FEATURE_TIGHT_PNG_MASK; 1909 vs->vnc_encoding = enc; 1910 break; 1911 #endif 1912 case VNC_ENCODING_ZLIB: 1913 vs->features |= VNC_FEATURE_ZLIB_MASK; 1914 vs->vnc_encoding = enc; 1915 break; 1916 case VNC_ENCODING_ZRLE: 1917 vs->features |= VNC_FEATURE_ZRLE_MASK; 1918 vs->vnc_encoding = enc; 1919 break; 1920 case VNC_ENCODING_ZYWRLE: 1921 vs->features |= VNC_FEATURE_ZYWRLE_MASK; 1922 vs->vnc_encoding = enc; 1923 break; 1924 case VNC_ENCODING_DESKTOPRESIZE: 1925 vs->features |= VNC_FEATURE_RESIZE_MASK; 1926 break; 1927 case VNC_ENCODING_POINTER_TYPE_CHANGE: 1928 vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK; 1929 break; 1930 case VNC_ENCODING_RICH_CURSOR: 1931 vs->features |= VNC_FEATURE_RICH_CURSOR_MASK; 1932 break; 1933 case VNC_ENCODING_EXT_KEY_EVENT: 1934 send_ext_key_event_ack(vs); 1935 break; 1936 case VNC_ENCODING_AUDIO: 1937 send_ext_audio_ack(vs); 1938 break; 1939 case VNC_ENCODING_WMVi: 1940 vs->features |= VNC_FEATURE_WMVI_MASK; 1941 break; 1942 case VNC_ENCODING_LED_STATE: 1943 vs->features |= VNC_FEATURE_LED_STATE_MASK; 1944 break; 1945 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9: 1946 vs->tight.compression = (enc & 0x0F); 1947 break; 1948 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9: 1949 if (vs->vd->lossy) { 1950 vs->tight.quality = (enc & 0x0F); 1951 } 1952 break; 1953 default: 1954 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc); 1955 break; 1956 } 1957 } 1958 vnc_desktop_resize(vs); 1959 check_pointer_type_change(&vs->mouse_mode_notifier, NULL); 1960 vnc_led_state_change(vs); 1961 } 1962 1963 static void set_pixel_conversion(VncState *vs) 1964 { 1965 pixman_format_code_t fmt = qemu_pixman_get_format(&vs->client_pf); 1966 1967 if (fmt == VNC_SERVER_FB_FORMAT) { 1968 vs->write_pixels = vnc_write_pixels_copy; 1969 vnc_hextile_set_pixel_conversion(vs, 0); 1970 } else { 1971 vs->write_pixels = vnc_write_pixels_generic; 1972 vnc_hextile_set_pixel_conversion(vs, 1); 1973 } 1974 } 1975 1976 static void set_pixel_format(VncState *vs, 1977 int bits_per_pixel, int depth, 1978 int big_endian_flag, int true_color_flag, 1979 int red_max, int green_max, int blue_max, 1980 int red_shift, int green_shift, int blue_shift) 1981 { 1982 if (!true_color_flag) { 1983 vnc_client_error(vs); 1984 return; 1985 } 1986 1987 vs->client_pf.rmax = red_max; 1988 vs->client_pf.rbits = hweight_long(red_max); 1989 vs->client_pf.rshift = red_shift; 1990 vs->client_pf.rmask = red_max << red_shift; 1991 vs->client_pf.gmax = green_max; 1992 vs->client_pf.gbits = hweight_long(green_max); 1993 vs->client_pf.gshift = green_shift; 1994 vs->client_pf.gmask = green_max << green_shift; 1995 vs->client_pf.bmax = blue_max; 1996 vs->client_pf.bbits = hweight_long(blue_max); 1997 vs->client_pf.bshift = blue_shift; 1998 vs->client_pf.bmask = blue_max << blue_shift; 1999 vs->client_pf.bits_per_pixel = bits_per_pixel; 2000 vs->client_pf.bytes_per_pixel = bits_per_pixel / 8; 2001 vs->client_pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel; 2002 vs->client_be = big_endian_flag; 2003 2004 set_pixel_conversion(vs); 2005 2006 graphic_hw_invalidate(NULL); 2007 graphic_hw_update(NULL); 2008 } 2009 2010 static void pixel_format_message (VncState *vs) { 2011 char pad[3] = { 0, 0, 0 }; 2012 2013 vs->client_pf = qemu_default_pixelformat(32); 2014 2015 vnc_write_u8(vs, vs->client_pf.bits_per_pixel); /* bits-per-pixel */ 2016 vnc_write_u8(vs, vs->client_pf.depth); /* depth */ 2017 2018 #ifdef HOST_WORDS_BIGENDIAN 2019 vnc_write_u8(vs, 1); /* big-endian-flag */ 2020 #else 2021 vnc_write_u8(vs, 0); /* big-endian-flag */ 2022 #endif 2023 vnc_write_u8(vs, 1); /* true-color-flag */ 2024 vnc_write_u16(vs, vs->client_pf.rmax); /* red-max */ 2025 vnc_write_u16(vs, vs->client_pf.gmax); /* green-max */ 2026 vnc_write_u16(vs, vs->client_pf.bmax); /* blue-max */ 2027 vnc_write_u8(vs, vs->client_pf.rshift); /* red-shift */ 2028 vnc_write_u8(vs, vs->client_pf.gshift); /* green-shift */ 2029 vnc_write_u8(vs, vs->client_pf.bshift); /* blue-shift */ 2030 vnc_write(vs, pad, 3); /* padding */ 2031 2032 vnc_hextile_set_pixel_conversion(vs, 0); 2033 vs->write_pixels = vnc_write_pixels_copy; 2034 } 2035 2036 static void vnc_colordepth(VncState *vs) 2037 { 2038 if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) { 2039 /* Sending a WMVi message to notify the client*/ 2040 vnc_lock_output(vs); 2041 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 2042 vnc_write_u8(vs, 0); 2043 vnc_write_u16(vs, 1); /* number of rects */ 2044 vnc_framebuffer_update(vs, 0, 0, 2045 surface_width(vs->vd->ds), 2046 surface_height(vs->vd->ds), 2047 VNC_ENCODING_WMVi); 2048 pixel_format_message(vs); 2049 vnc_unlock_output(vs); 2050 vnc_flush(vs); 2051 } else { 2052 set_pixel_conversion(vs); 2053 } 2054 } 2055 2056 static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len) 2057 { 2058 int i; 2059 uint16_t limit; 2060 VncDisplay *vd = vs->vd; 2061 2062 if (data[0] > 3) { 2063 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE); 2064 } 2065 2066 switch (data[0]) { 2067 case VNC_MSG_CLIENT_SET_PIXEL_FORMAT: 2068 if (len == 1) 2069 return 20; 2070 2071 set_pixel_format(vs, read_u8(data, 4), read_u8(data, 5), 2072 read_u8(data, 6), read_u8(data, 7), 2073 read_u16(data, 8), read_u16(data, 10), 2074 read_u16(data, 12), read_u8(data, 14), 2075 read_u8(data, 15), read_u8(data, 16)); 2076 break; 2077 case VNC_MSG_CLIENT_SET_ENCODINGS: 2078 if (len == 1) 2079 return 4; 2080 2081 if (len == 4) { 2082 limit = read_u16(data, 2); 2083 if (limit > 0) 2084 return 4 + (limit * 4); 2085 } else 2086 limit = read_u16(data, 2); 2087 2088 for (i = 0; i < limit; i++) { 2089 int32_t val = read_s32(data, 4 + (i * 4)); 2090 memcpy(data + 4 + (i * 4), &val, sizeof(val)); 2091 } 2092 2093 set_encodings(vs, (int32_t *)(data + 4), limit); 2094 break; 2095 case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST: 2096 if (len == 1) 2097 return 10; 2098 2099 framebuffer_update_request(vs, 2100 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4), 2101 read_u16(data, 6), read_u16(data, 8)); 2102 break; 2103 case VNC_MSG_CLIENT_KEY_EVENT: 2104 if (len == 1) 2105 return 8; 2106 2107 key_event(vs, read_u8(data, 1), read_u32(data, 4)); 2108 break; 2109 case VNC_MSG_CLIENT_POINTER_EVENT: 2110 if (len == 1) 2111 return 6; 2112 2113 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4)); 2114 break; 2115 case VNC_MSG_CLIENT_CUT_TEXT: 2116 if (len == 1) 2117 return 8; 2118 2119 if (len == 8) { 2120 uint32_t dlen = read_u32(data, 4); 2121 if (dlen > 0) 2122 return 8 + dlen; 2123 } 2124 2125 client_cut_text(vs, read_u32(data, 4), data + 8); 2126 break; 2127 case VNC_MSG_CLIENT_QEMU: 2128 if (len == 1) 2129 return 2; 2130 2131 switch (read_u8(data, 1)) { 2132 case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT: 2133 if (len == 2) 2134 return 12; 2135 2136 ext_key_event(vs, read_u16(data, 2), 2137 read_u32(data, 4), read_u32(data, 8)); 2138 break; 2139 case VNC_MSG_CLIENT_QEMU_AUDIO: 2140 if (len == 2) 2141 return 4; 2142 2143 switch (read_u16 (data, 2)) { 2144 case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE: 2145 audio_add(vs); 2146 break; 2147 case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE: 2148 audio_del(vs); 2149 break; 2150 case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT: 2151 if (len == 4) 2152 return 10; 2153 switch (read_u8(data, 4)) { 2154 case 0: vs->as.fmt = AUD_FMT_U8; break; 2155 case 1: vs->as.fmt = AUD_FMT_S8; break; 2156 case 2: vs->as.fmt = AUD_FMT_U16; break; 2157 case 3: vs->as.fmt = AUD_FMT_S16; break; 2158 case 4: vs->as.fmt = AUD_FMT_U32; break; 2159 case 5: vs->as.fmt = AUD_FMT_S32; break; 2160 default: 2161 printf("Invalid audio format %d\n", read_u8(data, 4)); 2162 vnc_client_error(vs); 2163 break; 2164 } 2165 vs->as.nchannels = read_u8(data, 5); 2166 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) { 2167 printf("Invalid audio channel coount %d\n", 2168 read_u8(data, 5)); 2169 vnc_client_error(vs); 2170 break; 2171 } 2172 vs->as.freq = read_u32(data, 6); 2173 break; 2174 default: 2175 printf ("Invalid audio message %d\n", read_u8(data, 4)); 2176 vnc_client_error(vs); 2177 break; 2178 } 2179 break; 2180 2181 default: 2182 printf("Msg: %d\n", read_u16(data, 0)); 2183 vnc_client_error(vs); 2184 break; 2185 } 2186 break; 2187 default: 2188 printf("Msg: %d\n", data[0]); 2189 vnc_client_error(vs); 2190 break; 2191 } 2192 2193 vnc_read_when(vs, protocol_client_msg, 1); 2194 return 0; 2195 } 2196 2197 static int protocol_client_init(VncState *vs, uint8_t *data, size_t len) 2198 { 2199 char buf[1024]; 2200 VncShareMode mode; 2201 int size; 2202 2203 mode = data[0] ? VNC_SHARE_MODE_SHARED : VNC_SHARE_MODE_EXCLUSIVE; 2204 switch (vs->vd->share_policy) { 2205 case VNC_SHARE_POLICY_IGNORE: 2206 /* 2207 * Ignore the shared flag. Nothing to do here. 2208 * 2209 * Doesn't conform to the rfb spec but is traditional qemu 2210 * behavior, thus left here as option for compatibility 2211 * reasons. 2212 */ 2213 break; 2214 case VNC_SHARE_POLICY_ALLOW_EXCLUSIVE: 2215 /* 2216 * Policy: Allow clients ask for exclusive access. 2217 * 2218 * Implementation: When a client asks for exclusive access, 2219 * disconnect all others. Shared connects are allowed as long 2220 * as no exclusive connection exists. 2221 * 2222 * This is how the rfb spec suggests to handle the shared flag. 2223 */ 2224 if (mode == VNC_SHARE_MODE_EXCLUSIVE) { 2225 VncState *client; 2226 QTAILQ_FOREACH(client, &vs->vd->clients, next) { 2227 if (vs == client) { 2228 continue; 2229 } 2230 if (client->share_mode != VNC_SHARE_MODE_EXCLUSIVE && 2231 client->share_mode != VNC_SHARE_MODE_SHARED) { 2232 continue; 2233 } 2234 vnc_disconnect_start(client); 2235 } 2236 } 2237 if (mode == VNC_SHARE_MODE_SHARED) { 2238 if (vs->vd->num_exclusive > 0) { 2239 vnc_disconnect_start(vs); 2240 return 0; 2241 } 2242 } 2243 break; 2244 case VNC_SHARE_POLICY_FORCE_SHARED: 2245 /* 2246 * Policy: Shared connects only. 2247 * Implementation: Disallow clients asking for exclusive access. 2248 * 2249 * Useful for shared desktop sessions where you don't want 2250 * someone forgetting to say -shared when running the vnc 2251 * client disconnect everybody else. 2252 */ 2253 if (mode == VNC_SHARE_MODE_EXCLUSIVE) { 2254 vnc_disconnect_start(vs); 2255 return 0; 2256 } 2257 break; 2258 } 2259 vnc_set_share_mode(vs, mode); 2260 2261 vs->client_width = surface_width(vs->vd->ds); 2262 vs->client_height = surface_height(vs->vd->ds); 2263 vnc_write_u16(vs, vs->client_width); 2264 vnc_write_u16(vs, vs->client_height); 2265 2266 pixel_format_message(vs); 2267 2268 if (qemu_name) 2269 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name); 2270 else 2271 size = snprintf(buf, sizeof(buf), "QEMU"); 2272 2273 vnc_write_u32(vs, size); 2274 vnc_write(vs, buf, size); 2275 vnc_flush(vs); 2276 2277 vnc_client_cache_auth(vs); 2278 vnc_qmp_event(vs, QEVENT_VNC_INITIALIZED); 2279 2280 vnc_read_when(vs, protocol_client_msg, 1); 2281 2282 return 0; 2283 } 2284 2285 void start_client_init(VncState *vs) 2286 { 2287 vnc_read_when(vs, protocol_client_init, 1); 2288 } 2289 2290 static void make_challenge(VncState *vs) 2291 { 2292 int i; 2293 2294 srand(time(NULL)+getpid()+getpid()*987654+rand()); 2295 2296 for (i = 0 ; i < sizeof(vs->challenge) ; i++) 2297 vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0)); 2298 } 2299 2300 static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len) 2301 { 2302 unsigned char response[VNC_AUTH_CHALLENGE_SIZE]; 2303 int i, j, pwlen; 2304 unsigned char key[8]; 2305 time_t now = time(NULL); 2306 2307 if (!vs->vd->password) { 2308 VNC_DEBUG("No password configured on server"); 2309 goto reject; 2310 } 2311 if (vs->vd->expires < now) { 2312 VNC_DEBUG("Password is expired"); 2313 goto reject; 2314 } 2315 2316 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE); 2317 2318 /* Calculate the expected challenge response */ 2319 pwlen = strlen(vs->vd->password); 2320 for (i=0; i<sizeof(key); i++) 2321 key[i] = i<pwlen ? vs->vd->password[i] : 0; 2322 deskey(key, EN0); 2323 for (j = 0; j < VNC_AUTH_CHALLENGE_SIZE; j += 8) 2324 des(response+j, response+j); 2325 2326 /* Compare expected vs actual challenge response */ 2327 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) { 2328 VNC_DEBUG("Client challenge response did not match\n"); 2329 goto reject; 2330 } else { 2331 VNC_DEBUG("Accepting VNC challenge response\n"); 2332 vnc_write_u32(vs, 0); /* Accept auth */ 2333 vnc_flush(vs); 2334 2335 start_client_init(vs); 2336 } 2337 return 0; 2338 2339 reject: 2340 vnc_write_u32(vs, 1); /* Reject auth */ 2341 if (vs->minor >= 8) { 2342 static const char err[] = "Authentication failed"; 2343 vnc_write_u32(vs, sizeof(err)); 2344 vnc_write(vs, err, sizeof(err)); 2345 } 2346 vnc_flush(vs); 2347 vnc_client_error(vs); 2348 return 0; 2349 } 2350 2351 void start_auth_vnc(VncState *vs) 2352 { 2353 make_challenge(vs); 2354 /* Send client a 'random' challenge */ 2355 vnc_write(vs, vs->challenge, sizeof(vs->challenge)); 2356 vnc_flush(vs); 2357 2358 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge)); 2359 } 2360 2361 2362 static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len) 2363 { 2364 /* We only advertise 1 auth scheme at a time, so client 2365 * must pick the one we sent. Verify this */ 2366 if (data[0] != vs->auth) { /* Reject auth */ 2367 VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data[0]); 2368 vnc_write_u32(vs, 1); 2369 if (vs->minor >= 8) { 2370 static const char err[] = "Authentication failed"; 2371 vnc_write_u32(vs, sizeof(err)); 2372 vnc_write(vs, err, sizeof(err)); 2373 } 2374 vnc_client_error(vs); 2375 } else { /* Accept requested auth */ 2376 VNC_DEBUG("Client requested auth %d\n", (int)data[0]); 2377 switch (vs->auth) { 2378 case VNC_AUTH_NONE: 2379 VNC_DEBUG("Accept auth none\n"); 2380 if (vs->minor >= 8) { 2381 vnc_write_u32(vs, 0); /* Accept auth completion */ 2382 vnc_flush(vs); 2383 } 2384 start_client_init(vs); 2385 break; 2386 2387 case VNC_AUTH_VNC: 2388 VNC_DEBUG("Start VNC auth\n"); 2389 start_auth_vnc(vs); 2390 break; 2391 2392 #ifdef CONFIG_VNC_TLS 2393 case VNC_AUTH_VENCRYPT: 2394 VNC_DEBUG("Accept VeNCrypt auth\n"); 2395 start_auth_vencrypt(vs); 2396 break; 2397 #endif /* CONFIG_VNC_TLS */ 2398 2399 #ifdef CONFIG_VNC_SASL 2400 case VNC_AUTH_SASL: 2401 VNC_DEBUG("Accept SASL auth\n"); 2402 start_auth_sasl(vs); 2403 break; 2404 #endif /* CONFIG_VNC_SASL */ 2405 2406 default: /* Should not be possible, but just in case */ 2407 VNC_DEBUG("Reject auth %d server code bug\n", vs->auth); 2408 vnc_write_u8(vs, 1); 2409 if (vs->minor >= 8) { 2410 static const char err[] = "Authentication failed"; 2411 vnc_write_u32(vs, sizeof(err)); 2412 vnc_write(vs, err, sizeof(err)); 2413 } 2414 vnc_client_error(vs); 2415 } 2416 } 2417 return 0; 2418 } 2419 2420 static int protocol_version(VncState *vs, uint8_t *version, size_t len) 2421 { 2422 char local[13]; 2423 2424 memcpy(local, version, 12); 2425 local[12] = 0; 2426 2427 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) { 2428 VNC_DEBUG("Malformed protocol version %s\n", local); 2429 vnc_client_error(vs); 2430 return 0; 2431 } 2432 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor); 2433 if (vs->major != 3 || 2434 (vs->minor != 3 && 2435 vs->minor != 4 && 2436 vs->minor != 5 && 2437 vs->minor != 7 && 2438 vs->minor != 8)) { 2439 VNC_DEBUG("Unsupported client version\n"); 2440 vnc_write_u32(vs, VNC_AUTH_INVALID); 2441 vnc_flush(vs); 2442 vnc_client_error(vs); 2443 return 0; 2444 } 2445 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated 2446 * as equivalent to v3.3 by servers 2447 */ 2448 if (vs->minor == 4 || vs->minor == 5) 2449 vs->minor = 3; 2450 2451 if (vs->minor == 3) { 2452 if (vs->auth == VNC_AUTH_NONE) { 2453 VNC_DEBUG("Tell client auth none\n"); 2454 vnc_write_u32(vs, vs->auth); 2455 vnc_flush(vs); 2456 start_client_init(vs); 2457 } else if (vs->auth == VNC_AUTH_VNC) { 2458 VNC_DEBUG("Tell client VNC auth\n"); 2459 vnc_write_u32(vs, vs->auth); 2460 vnc_flush(vs); 2461 start_auth_vnc(vs); 2462 } else { 2463 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->auth); 2464 vnc_write_u32(vs, VNC_AUTH_INVALID); 2465 vnc_flush(vs); 2466 vnc_client_error(vs); 2467 } 2468 } else { 2469 VNC_DEBUG("Telling client we support auth %d\n", vs->auth); 2470 vnc_write_u8(vs, 1); /* num auth */ 2471 vnc_write_u8(vs, vs->auth); 2472 vnc_read_when(vs, protocol_client_auth, 1); 2473 vnc_flush(vs); 2474 } 2475 2476 return 0; 2477 } 2478 2479 static VncRectStat *vnc_stat_rect(VncDisplay *vd, int x, int y) 2480 { 2481 struct VncSurface *vs = &vd->guest; 2482 2483 return &vs->stats[y / VNC_STAT_RECT][x / VNC_STAT_RECT]; 2484 } 2485 2486 void vnc_sent_lossy_rect(VncState *vs, int x, int y, int w, int h) 2487 { 2488 int i, j; 2489 2490 w = (x + w) / VNC_STAT_RECT; 2491 h = (y + h) / VNC_STAT_RECT; 2492 x /= VNC_STAT_RECT; 2493 y /= VNC_STAT_RECT; 2494 2495 for (j = y; j <= h; j++) { 2496 for (i = x; i <= w; i++) { 2497 vs->lossy_rect[j][i] = 1; 2498 } 2499 } 2500 } 2501 2502 static int vnc_refresh_lossy_rect(VncDisplay *vd, int x, int y) 2503 { 2504 VncState *vs; 2505 int sty = y / VNC_STAT_RECT; 2506 int stx = x / VNC_STAT_RECT; 2507 int has_dirty = 0; 2508 2509 y = y / VNC_STAT_RECT * VNC_STAT_RECT; 2510 x = x / VNC_STAT_RECT * VNC_STAT_RECT; 2511 2512 QTAILQ_FOREACH(vs, &vd->clients, next) { 2513 int j; 2514 2515 /* kernel send buffers are full -> refresh later */ 2516 if (vs->output.offset) { 2517 continue; 2518 } 2519 2520 if (!vs->lossy_rect[sty][stx]) { 2521 continue; 2522 } 2523 2524 vs->lossy_rect[sty][stx] = 0; 2525 for (j = 0; j < VNC_STAT_RECT; ++j) { 2526 bitmap_set(vs->dirty[y + j], x / 16, VNC_STAT_RECT / 16); 2527 } 2528 has_dirty++; 2529 } 2530 2531 return has_dirty; 2532 } 2533 2534 static int vnc_update_stats(VncDisplay *vd, struct timeval * tv) 2535 { 2536 int width = pixman_image_get_width(vd->guest.fb); 2537 int height = pixman_image_get_height(vd->guest.fb); 2538 int x, y; 2539 struct timeval res; 2540 int has_dirty = 0; 2541 2542 for (y = 0; y < height; y += VNC_STAT_RECT) { 2543 for (x = 0; x < width; x += VNC_STAT_RECT) { 2544 VncRectStat *rect = vnc_stat_rect(vd, x, y); 2545 2546 rect->updated = false; 2547 } 2548 } 2549 2550 qemu_timersub(tv, &VNC_REFRESH_STATS, &res); 2551 2552 if (timercmp(&vd->guest.last_freq_check, &res, >)) { 2553 return has_dirty; 2554 } 2555 vd->guest.last_freq_check = *tv; 2556 2557 for (y = 0; y < height; y += VNC_STAT_RECT) { 2558 for (x = 0; x < width; x += VNC_STAT_RECT) { 2559 VncRectStat *rect= vnc_stat_rect(vd, x, y); 2560 int count = ARRAY_SIZE(rect->times); 2561 struct timeval min, max; 2562 2563 if (!timerisset(&rect->times[count - 1])) { 2564 continue ; 2565 } 2566 2567 max = rect->times[(rect->idx + count - 1) % count]; 2568 qemu_timersub(tv, &max, &res); 2569 2570 if (timercmp(&res, &VNC_REFRESH_LOSSY, >)) { 2571 rect->freq = 0; 2572 has_dirty += vnc_refresh_lossy_rect(vd, x, y); 2573 memset(rect->times, 0, sizeof (rect->times)); 2574 continue ; 2575 } 2576 2577 min = rect->times[rect->idx]; 2578 max = rect->times[(rect->idx + count - 1) % count]; 2579 qemu_timersub(&max, &min, &res); 2580 2581 rect->freq = res.tv_sec + res.tv_usec / 1000000.; 2582 rect->freq /= count; 2583 rect->freq = 1. / rect->freq; 2584 } 2585 } 2586 return has_dirty; 2587 } 2588 2589 double vnc_update_freq(VncState *vs, int x, int y, int w, int h) 2590 { 2591 int i, j; 2592 double total = 0; 2593 int num = 0; 2594 2595 x = (x / VNC_STAT_RECT) * VNC_STAT_RECT; 2596 y = (y / VNC_STAT_RECT) * VNC_STAT_RECT; 2597 2598 for (j = y; j <= y + h; j += VNC_STAT_RECT) { 2599 for (i = x; i <= x + w; i += VNC_STAT_RECT) { 2600 total += vnc_stat_rect(vs->vd, i, j)->freq; 2601 num++; 2602 } 2603 } 2604 2605 if (num) { 2606 return total / num; 2607 } else { 2608 return 0; 2609 } 2610 } 2611 2612 static void vnc_rect_updated(VncDisplay *vd, int x, int y, struct timeval * tv) 2613 { 2614 VncRectStat *rect; 2615 2616 rect = vnc_stat_rect(vd, x, y); 2617 if (rect->updated) { 2618 return ; 2619 } 2620 rect->times[rect->idx] = *tv; 2621 rect->idx = (rect->idx + 1) % ARRAY_SIZE(rect->times); 2622 rect->updated = true; 2623 } 2624 2625 static int vnc_refresh_server_surface(VncDisplay *vd) 2626 { 2627 int width = pixman_image_get_width(vd->guest.fb); 2628 int height = pixman_image_get_height(vd->guest.fb); 2629 int y; 2630 uint8_t *guest_row; 2631 uint8_t *server_row; 2632 int cmp_bytes; 2633 VncState *vs; 2634 int has_dirty = 0; 2635 pixman_image_t *tmpbuf = NULL; 2636 2637 struct timeval tv = { 0, 0 }; 2638 2639 if (!vd->non_adaptive) { 2640 gettimeofday(&tv, NULL); 2641 has_dirty = vnc_update_stats(vd, &tv); 2642 } 2643 2644 /* 2645 * Walk through the guest dirty map. 2646 * Check and copy modified bits from guest to server surface. 2647 * Update server dirty map. 2648 */ 2649 cmp_bytes = 64; 2650 if (cmp_bytes > vnc_server_fb_stride(vd)) { 2651 cmp_bytes = vnc_server_fb_stride(vd); 2652 } 2653 if (vd->guest.format != VNC_SERVER_FB_FORMAT) { 2654 int width = pixman_image_get_width(vd->server); 2655 tmpbuf = qemu_pixman_linebuf_create(VNC_SERVER_FB_FORMAT, width); 2656 } 2657 guest_row = (uint8_t *)pixman_image_get_data(vd->guest.fb); 2658 server_row = (uint8_t *)pixman_image_get_data(vd->server); 2659 for (y = 0; y < height; y++) { 2660 if (!bitmap_empty(vd->guest.dirty[y], VNC_DIRTY_BITS)) { 2661 int x; 2662 uint8_t *guest_ptr; 2663 uint8_t *server_ptr; 2664 2665 if (vd->guest.format != VNC_SERVER_FB_FORMAT) { 2666 qemu_pixman_linebuf_fill(tmpbuf, vd->guest.fb, width, 0, y); 2667 guest_ptr = (uint8_t *)pixman_image_get_data(tmpbuf); 2668 } else { 2669 guest_ptr = guest_row; 2670 } 2671 server_ptr = server_row; 2672 2673 for (x = 0; x + 15 < width; 2674 x += 16, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) { 2675 if (!test_and_clear_bit((x / 16), vd->guest.dirty[y])) 2676 continue; 2677 if (memcmp(server_ptr, guest_ptr, cmp_bytes) == 0) 2678 continue; 2679 memcpy(server_ptr, guest_ptr, cmp_bytes); 2680 if (!vd->non_adaptive) 2681 vnc_rect_updated(vd, x, y, &tv); 2682 QTAILQ_FOREACH(vs, &vd->clients, next) { 2683 set_bit((x / 16), vs->dirty[y]); 2684 } 2685 has_dirty++; 2686 } 2687 } 2688 guest_row += pixman_image_get_stride(vd->guest.fb); 2689 server_row += pixman_image_get_stride(vd->server); 2690 } 2691 qemu_pixman_image_unref(tmpbuf); 2692 return has_dirty; 2693 } 2694 2695 static void vnc_refresh(DisplayChangeListener *dcl) 2696 { 2697 VncDisplay *vd = container_of(dcl, VncDisplay, dcl); 2698 VncState *vs, *vn; 2699 int has_dirty, rects = 0; 2700 2701 graphic_hw_update(NULL); 2702 2703 if (vnc_trylock_display(vd)) { 2704 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE); 2705 return; 2706 } 2707 2708 has_dirty = vnc_refresh_server_surface(vd); 2709 vnc_unlock_display(vd); 2710 2711 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) { 2712 rects += vnc_update_client(vs, has_dirty); 2713 /* vs might be free()ed here */ 2714 } 2715 2716 if (QTAILQ_EMPTY(&vd->clients)) { 2717 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_MAX); 2718 return; 2719 } 2720 2721 if (has_dirty && rects) { 2722 vd->dcl.update_interval /= 2; 2723 if (vd->dcl.update_interval < VNC_REFRESH_INTERVAL_BASE) { 2724 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_BASE; 2725 } 2726 } else { 2727 vd->dcl.update_interval += VNC_REFRESH_INTERVAL_INC; 2728 if (vd->dcl.update_interval > VNC_REFRESH_INTERVAL_MAX) { 2729 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_MAX; 2730 } 2731 } 2732 } 2733 2734 static void vnc_connect(VncDisplay *vd, int csock, int skipauth, bool websocket) 2735 { 2736 VncState *vs = g_malloc0(sizeof(VncState)); 2737 int i; 2738 2739 vs->csock = csock; 2740 2741 if (skipauth) { 2742 vs->auth = VNC_AUTH_NONE; 2743 #ifdef CONFIG_VNC_TLS 2744 vs->subauth = VNC_AUTH_INVALID; 2745 #endif 2746 } else { 2747 vs->auth = vd->auth; 2748 #ifdef CONFIG_VNC_TLS 2749 vs->subauth = vd->subauth; 2750 #endif 2751 } 2752 2753 vs->lossy_rect = g_malloc0(VNC_STAT_ROWS * sizeof (*vs->lossy_rect)); 2754 for (i = 0; i < VNC_STAT_ROWS; ++i) { 2755 vs->lossy_rect[i] = g_malloc0(VNC_STAT_COLS * sizeof (uint8_t)); 2756 } 2757 2758 VNC_DEBUG("New client on socket %d\n", csock); 2759 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE); 2760 qemu_set_nonblock(vs->csock); 2761 #ifdef CONFIG_VNC_WS 2762 if (websocket) { 2763 vs->websocket = 1; 2764 qemu_set_fd_handler2(vs->csock, NULL, vncws_handshake_read, NULL, vs); 2765 } else 2766 #endif /* CONFIG_VNC_WS */ 2767 { 2768 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs); 2769 } 2770 2771 vnc_client_cache_addr(vs); 2772 vnc_qmp_event(vs, QEVENT_VNC_CONNECTED); 2773 vnc_set_share_mode(vs, VNC_SHARE_MODE_CONNECTING); 2774 2775 vs->vd = vd; 2776 2777 #ifdef CONFIG_VNC_WS 2778 if (!vs->websocket) 2779 #endif 2780 { 2781 vnc_init_state(vs); 2782 } 2783 } 2784 2785 void vnc_init_state(VncState *vs) 2786 { 2787 vs->initialized = true; 2788 VncDisplay *vd = vs->vd; 2789 2790 vs->last_x = -1; 2791 vs->last_y = -1; 2792 2793 vs->as.freq = 44100; 2794 vs->as.nchannels = 2; 2795 vs->as.fmt = AUD_FMT_S16; 2796 vs->as.endianness = 0; 2797 2798 qemu_mutex_init(&vs->output_mutex); 2799 vs->bh = qemu_bh_new(vnc_jobs_bh, vs); 2800 2801 QTAILQ_INSERT_HEAD(&vd->clients, vs, next); 2802 2803 graphic_hw_update(NULL); 2804 2805 vnc_write(vs, "RFB 003.008\n", 12); 2806 vnc_flush(vs); 2807 vnc_read_when(vs, protocol_version, 12); 2808 reset_keys(vs); 2809 if (vs->vd->lock_key_sync) 2810 vs->led = qemu_add_led_event_handler(kbd_leds, vs); 2811 2812 vs->mouse_mode_notifier.notify = check_pointer_type_change; 2813 qemu_add_mouse_mode_change_notifier(&vs->mouse_mode_notifier); 2814 2815 /* vs might be free()ed here */ 2816 } 2817 2818 static void vnc_listen_read(void *opaque, bool websocket) 2819 { 2820 VncDisplay *vs = opaque; 2821 struct sockaddr_in addr; 2822 socklen_t addrlen = sizeof(addr); 2823 int csock; 2824 2825 /* Catch-up */ 2826 graphic_hw_update(NULL); 2827 #ifdef CONFIG_VNC_WS 2828 if (websocket) { 2829 csock = qemu_accept(vs->lwebsock, (struct sockaddr *)&addr, &addrlen); 2830 } else 2831 #endif /* CONFIG_VNC_WS */ 2832 { 2833 csock = qemu_accept(vs->lsock, (struct sockaddr *)&addr, &addrlen); 2834 } 2835 2836 if (csock != -1) { 2837 vnc_connect(vs, csock, 0, websocket); 2838 } 2839 } 2840 2841 static void vnc_listen_regular_read(void *opaque) 2842 { 2843 vnc_listen_read(opaque, 0); 2844 } 2845 2846 #ifdef CONFIG_VNC_WS 2847 static void vnc_listen_websocket_read(void *opaque) 2848 { 2849 vnc_listen_read(opaque, 1); 2850 } 2851 #endif /* CONFIG_VNC_WS */ 2852 2853 static const DisplayChangeListenerOps dcl_ops = { 2854 .dpy_name = "vnc", 2855 .dpy_refresh = vnc_refresh, 2856 .dpy_gfx_copy = vnc_dpy_copy, 2857 .dpy_gfx_update = vnc_dpy_update, 2858 .dpy_gfx_switch = vnc_dpy_switch, 2859 .dpy_mouse_set = vnc_mouse_set, 2860 .dpy_cursor_define = vnc_dpy_cursor_define, 2861 }; 2862 2863 void vnc_display_init(DisplayState *ds) 2864 { 2865 VncDisplay *vs = g_malloc0(sizeof(*vs)); 2866 2867 vnc_display = vs; 2868 2869 vs->lsock = -1; 2870 #ifdef CONFIG_VNC_WS 2871 vs->lwebsock = -1; 2872 #endif 2873 2874 QTAILQ_INIT(&vs->clients); 2875 vs->expires = TIME_MAX; 2876 2877 if (keyboard_layout) 2878 vs->kbd_layout = init_keyboard_layout(name2keysym, keyboard_layout); 2879 else 2880 vs->kbd_layout = init_keyboard_layout(name2keysym, "en-us"); 2881 2882 if (!vs->kbd_layout) 2883 exit(1); 2884 2885 qemu_mutex_init(&vs->mutex); 2886 vnc_start_worker_thread(); 2887 2888 vs->dcl.ops = &dcl_ops; 2889 register_displaychangelistener(&vs->dcl); 2890 } 2891 2892 2893 static void vnc_display_close(DisplayState *ds) 2894 { 2895 VncDisplay *vs = vnc_display; 2896 2897 if (!vs) 2898 return; 2899 if (vs->display) { 2900 g_free(vs->display); 2901 vs->display = NULL; 2902 } 2903 if (vs->lsock != -1) { 2904 qemu_set_fd_handler2(vs->lsock, NULL, NULL, NULL, NULL); 2905 close(vs->lsock); 2906 vs->lsock = -1; 2907 } 2908 #ifdef CONFIG_VNC_WS 2909 g_free(vs->ws_display); 2910 vs->ws_display = NULL; 2911 if (vs->lwebsock != -1) { 2912 qemu_set_fd_handler2(vs->lwebsock, NULL, NULL, NULL, NULL); 2913 close(vs->lwebsock); 2914 vs->lwebsock = -1; 2915 } 2916 #endif /* CONFIG_VNC_WS */ 2917 vs->auth = VNC_AUTH_INVALID; 2918 #ifdef CONFIG_VNC_TLS 2919 vs->subauth = VNC_AUTH_INVALID; 2920 vs->tls.x509verify = 0; 2921 #endif 2922 } 2923 2924 static int vnc_display_disable_login(DisplayState *ds) 2925 { 2926 VncDisplay *vs = vnc_display; 2927 2928 if (!vs) { 2929 return -1; 2930 } 2931 2932 if (vs->password) { 2933 g_free(vs->password); 2934 } 2935 2936 vs->password = NULL; 2937 if (vs->auth == VNC_AUTH_NONE) { 2938 vs->auth = VNC_AUTH_VNC; 2939 } 2940 2941 return 0; 2942 } 2943 2944 int vnc_display_password(DisplayState *ds, const char *password) 2945 { 2946 VncDisplay *vs = vnc_display; 2947 2948 if (!vs) { 2949 return -EINVAL; 2950 } 2951 2952 if (!password) { 2953 /* This is not the intention of this interface but err on the side 2954 of being safe */ 2955 return vnc_display_disable_login(ds); 2956 } 2957 2958 if (vs->password) { 2959 g_free(vs->password); 2960 vs->password = NULL; 2961 } 2962 vs->password = g_strdup(password); 2963 if (vs->auth == VNC_AUTH_NONE) { 2964 vs->auth = VNC_AUTH_VNC; 2965 } 2966 2967 return 0; 2968 } 2969 2970 int vnc_display_pw_expire(DisplayState *ds, time_t expires) 2971 { 2972 VncDisplay *vs = vnc_display; 2973 2974 if (!vs) { 2975 return -EINVAL; 2976 } 2977 2978 vs->expires = expires; 2979 return 0; 2980 } 2981 2982 char *vnc_display_local_addr(DisplayState *ds) 2983 { 2984 VncDisplay *vs = vnc_display; 2985 2986 return vnc_socket_local_addr("%s:%s", vs->lsock); 2987 } 2988 2989 void vnc_display_open(DisplayState *ds, const char *display, Error **errp) 2990 { 2991 VncDisplay *vs = vnc_display; 2992 const char *options; 2993 int password = 0; 2994 int reverse = 0; 2995 #ifdef CONFIG_VNC_TLS 2996 int tls = 0, x509 = 0; 2997 #endif 2998 #ifdef CONFIG_VNC_SASL 2999 int sasl = 0; 3000 int saslErr; 3001 #endif 3002 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL) 3003 int acl = 0; 3004 #endif 3005 int lock_key_sync = 1; 3006 3007 if (!vnc_display) { 3008 error_setg(errp, "VNC display not active"); 3009 return; 3010 } 3011 vnc_display_close(ds); 3012 if (strcmp(display, "none") == 0) 3013 return; 3014 3015 vs->display = g_strdup(display); 3016 vs->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE; 3017 3018 options = display; 3019 while ((options = strchr(options, ','))) { 3020 options++; 3021 if (strncmp(options, "password", 8) == 0) { 3022 if (fips_get_state()) { 3023 error_setg(errp, 3024 "VNC password auth disabled due to FIPS mode, " 3025 "consider using the VeNCrypt or SASL authentication " 3026 "methods as an alternative"); 3027 goto fail; 3028 } 3029 password = 1; /* Require password auth */ 3030 } else if (strncmp(options, "reverse", 7) == 0) { 3031 reverse = 1; 3032 } else if (strncmp(options, "no-lock-key-sync", 16) == 0) { 3033 lock_key_sync = 0; 3034 #ifdef CONFIG_VNC_SASL 3035 } else if (strncmp(options, "sasl", 4) == 0) { 3036 sasl = 1; /* Require SASL auth */ 3037 #endif 3038 #ifdef CONFIG_VNC_WS 3039 } else if (strncmp(options, "websocket", 9) == 0) { 3040 char *start, *end; 3041 vs->websocket = 1; 3042 3043 /* Check for 'websocket=<port>' */ 3044 start = strchr(options, '='); 3045 end = strchr(options, ','); 3046 if (start && (!end || (start < end))) { 3047 int len = end ? end-(start+1) : strlen(start+1); 3048 if (len < 6) { 3049 /* extract the host specification from display */ 3050 char *host = NULL, *port = NULL, *host_end = NULL; 3051 port = g_strndup(start + 1, len); 3052 3053 /* ipv6 hosts have colons */ 3054 end = strchr(display, ','); 3055 host_end = g_strrstr_len(display, end - display, ":"); 3056 3057 if (host_end) { 3058 host = g_strndup(display, host_end - display + 1); 3059 } else { 3060 host = g_strndup(":", 1); 3061 } 3062 vs->ws_display = g_strconcat(host, port, NULL); 3063 g_free(host); 3064 g_free(port); 3065 } 3066 } 3067 #endif /* CONFIG_VNC_WS */ 3068 #ifdef CONFIG_VNC_TLS 3069 } else if (strncmp(options, "tls", 3) == 0) { 3070 tls = 1; /* Require TLS */ 3071 } else if (strncmp(options, "x509", 4) == 0) { 3072 char *start, *end; 3073 x509 = 1; /* Require x509 certificates */ 3074 if (strncmp(options, "x509verify", 10) == 0) 3075 vs->tls.x509verify = 1; /* ...and verify client certs */ 3076 3077 /* Now check for 'x509=/some/path' postfix 3078 * and use that to setup x509 certificate/key paths */ 3079 start = strchr(options, '='); 3080 end = strchr(options, ','); 3081 if (start && (!end || (start < end))) { 3082 int len = end ? end-(start+1) : strlen(start+1); 3083 char *path = g_strndup(start + 1, len); 3084 3085 VNC_DEBUG("Trying certificate path '%s'\n", path); 3086 if (vnc_tls_set_x509_creds_dir(vs, path) < 0) { 3087 error_setg(errp, "Failed to find x509 certificates/keys in %s", path); 3088 g_free(path); 3089 goto fail; 3090 } 3091 g_free(path); 3092 } else { 3093 error_setg(errp, "No certificate path provided"); 3094 goto fail; 3095 } 3096 #endif 3097 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL) 3098 } else if (strncmp(options, "acl", 3) == 0) { 3099 acl = 1; 3100 #endif 3101 } else if (strncmp(options, "lossy", 5) == 0) { 3102 vs->lossy = true; 3103 } else if (strncmp(options, "non-adaptive", 12) == 0) { 3104 vs->non_adaptive = true; 3105 } else if (strncmp(options, "share=", 6) == 0) { 3106 if (strncmp(options+6, "ignore", 6) == 0) { 3107 vs->share_policy = VNC_SHARE_POLICY_IGNORE; 3108 } else if (strncmp(options+6, "allow-exclusive", 15) == 0) { 3109 vs->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE; 3110 } else if (strncmp(options+6, "force-shared", 12) == 0) { 3111 vs->share_policy = VNC_SHARE_POLICY_FORCE_SHARED; 3112 } else { 3113 error_setg(errp, "unknown vnc share= option"); 3114 goto fail; 3115 } 3116 } 3117 } 3118 3119 #ifdef CONFIG_VNC_TLS 3120 if (acl && x509 && vs->tls.x509verify) { 3121 if (!(vs->tls.acl = qemu_acl_init("vnc.x509dname"))) { 3122 fprintf(stderr, "Failed to create x509 dname ACL\n"); 3123 exit(1); 3124 } 3125 } 3126 #endif 3127 #ifdef CONFIG_VNC_SASL 3128 if (acl && sasl) { 3129 if (!(vs->sasl.acl = qemu_acl_init("vnc.username"))) { 3130 fprintf(stderr, "Failed to create username ACL\n"); 3131 exit(1); 3132 } 3133 } 3134 #endif 3135 3136 /* 3137 * Combinations we support here: 3138 * 3139 * - no-auth (clear text, no auth) 3140 * - password (clear text, weak auth) 3141 * - sasl (encrypt, good auth *IF* using Kerberos via GSSAPI) 3142 * - tls (encrypt, weak anonymous creds, no auth) 3143 * - tls + password (encrypt, weak anonymous creds, weak auth) 3144 * - tls + sasl (encrypt, weak anonymous creds, good auth) 3145 * - tls + x509 (encrypt, good x509 creds, no auth) 3146 * - tls + x509 + password (encrypt, good x509 creds, weak auth) 3147 * - tls + x509 + sasl (encrypt, good x509 creds, good auth) 3148 * 3149 * NB1. TLS is a stackable auth scheme. 3150 * NB2. the x509 schemes have option to validate a client cert dname 3151 */ 3152 if (password) { 3153 #ifdef CONFIG_VNC_TLS 3154 if (tls) { 3155 vs->auth = VNC_AUTH_VENCRYPT; 3156 if (x509) { 3157 VNC_DEBUG("Initializing VNC server with x509 password auth\n"); 3158 vs->subauth = VNC_AUTH_VENCRYPT_X509VNC; 3159 } else { 3160 VNC_DEBUG("Initializing VNC server with TLS password auth\n"); 3161 vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC; 3162 } 3163 } else { 3164 #endif /* CONFIG_VNC_TLS */ 3165 VNC_DEBUG("Initializing VNC server with password auth\n"); 3166 vs->auth = VNC_AUTH_VNC; 3167 #ifdef CONFIG_VNC_TLS 3168 vs->subauth = VNC_AUTH_INVALID; 3169 } 3170 #endif /* CONFIG_VNC_TLS */ 3171 #ifdef CONFIG_VNC_SASL 3172 } else if (sasl) { 3173 #ifdef CONFIG_VNC_TLS 3174 if (tls) { 3175 vs->auth = VNC_AUTH_VENCRYPT; 3176 if (x509) { 3177 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n"); 3178 vs->subauth = VNC_AUTH_VENCRYPT_X509SASL; 3179 } else { 3180 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n"); 3181 vs->subauth = VNC_AUTH_VENCRYPT_TLSSASL; 3182 } 3183 } else { 3184 #endif /* CONFIG_VNC_TLS */ 3185 VNC_DEBUG("Initializing VNC server with SASL auth\n"); 3186 vs->auth = VNC_AUTH_SASL; 3187 #ifdef CONFIG_VNC_TLS 3188 vs->subauth = VNC_AUTH_INVALID; 3189 } 3190 #endif /* CONFIG_VNC_TLS */ 3191 #endif /* CONFIG_VNC_SASL */ 3192 } else { 3193 #ifdef CONFIG_VNC_TLS 3194 if (tls) { 3195 vs->auth = VNC_AUTH_VENCRYPT; 3196 if (x509) { 3197 VNC_DEBUG("Initializing VNC server with x509 no auth\n"); 3198 vs->subauth = VNC_AUTH_VENCRYPT_X509NONE; 3199 } else { 3200 VNC_DEBUG("Initializing VNC server with TLS no auth\n"); 3201 vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE; 3202 } 3203 } else { 3204 #endif 3205 VNC_DEBUG("Initializing VNC server with no auth\n"); 3206 vs->auth = VNC_AUTH_NONE; 3207 #ifdef CONFIG_VNC_TLS 3208 vs->subauth = VNC_AUTH_INVALID; 3209 } 3210 #endif 3211 } 3212 3213 #ifdef CONFIG_VNC_SASL 3214 if ((saslErr = sasl_server_init(NULL, "qemu")) != SASL_OK) { 3215 error_setg(errp, "Failed to initialize SASL auth: %s", 3216 sasl_errstring(saslErr, NULL, NULL)); 3217 goto fail; 3218 } 3219 #endif 3220 vs->lock_key_sync = lock_key_sync; 3221 3222 if (reverse) { 3223 /* connect to viewer */ 3224 int csock; 3225 vs->lsock = -1; 3226 #ifdef CONFIG_VNC_WS 3227 vs->lwebsock = -1; 3228 #endif 3229 if (strncmp(display, "unix:", 5) == 0) { 3230 csock = unix_connect(display+5, errp); 3231 } else { 3232 csock = inet_connect(display, errp); 3233 } 3234 if (csock < 0) { 3235 goto fail; 3236 } 3237 vnc_connect(vs, csock, 0, 0); 3238 } else { 3239 /* listen for connects */ 3240 char *dpy; 3241 dpy = g_malloc(256); 3242 if (strncmp(display, "unix:", 5) == 0) { 3243 pstrcpy(dpy, 256, "unix:"); 3244 vs->lsock = unix_listen(display+5, dpy+5, 256-5, errp); 3245 } else { 3246 vs->lsock = inet_listen(display, dpy, 256, 3247 SOCK_STREAM, 5900, errp); 3248 if (vs->lsock < 0) { 3249 g_free(dpy); 3250 goto fail; 3251 } 3252 #ifdef CONFIG_VNC_WS 3253 if (vs->websocket) { 3254 if (vs->ws_display) { 3255 vs->lwebsock = inet_listen(vs->ws_display, NULL, 256, 3256 SOCK_STREAM, 0, errp); 3257 } else { 3258 vs->lwebsock = inet_listen(vs->display, NULL, 256, 3259 SOCK_STREAM, 5700, errp); 3260 } 3261 3262 if (vs->lwebsock < 0) { 3263 if (vs->lsock) { 3264 close(vs->lsock); 3265 vs->lsock = -1; 3266 } 3267 g_free(dpy); 3268 goto fail; 3269 } 3270 } 3271 #endif /* CONFIG_VNC_WS */ 3272 } 3273 g_free(vs->display); 3274 vs->display = dpy; 3275 qemu_set_fd_handler2(vs->lsock, NULL, 3276 vnc_listen_regular_read, NULL, vs); 3277 #ifdef CONFIG_VNC_WS 3278 if (vs->websocket) { 3279 qemu_set_fd_handler2(vs->lwebsock, NULL, 3280 vnc_listen_websocket_read, NULL, vs); 3281 } 3282 #endif /* CONFIG_VNC_WS */ 3283 } 3284 return; 3285 3286 fail: 3287 g_free(vs->display); 3288 vs->display = NULL; 3289 #ifdef CONFIG_VNC_WS 3290 g_free(vs->ws_display); 3291 vs->ws_display = NULL; 3292 #endif /* CONFIG_VNC_WS */ 3293 } 3294 3295 void vnc_display_add_client(DisplayState *ds, int csock, int skipauth) 3296 { 3297 VncDisplay *vs = vnc_display; 3298 3299 vnc_connect(vs, csock, skipauth, 0); 3300 } 3301